cocagne / pysrp

Python implementation of the Secure Remote Password protocol (SRP)
MIT License

Allow generating B prior to A. #51

Closed holocronweaver closed 2 years ago

holocronweaver commented 2 years ago

This should resolve #39.

RFC 5054 section 2.2 suggests generating B prior to A as part of the server providing the user other SRP parameters (N, g, s). However, the Verifier constructor required A, which meant A had to be generated prior to B. This change allows A to optionally be provided to Verifier.verify_session instead of the constructor. Thus it enables A and B to be generated in any order.

Why would one want to generate B first? It allows the server to vend SRP parameters (N, g, s, along with B) rather than having them hardcoded in the user client. This can be useful, say, if the server wants to randomly assign each user a safe prime from a library to reduce the blast radius of users affected by pre-computed table attacks for a particular safe prime. However, not hardcoding the safe prime requires that the user verify the safe prime and generator received from the server (e.g., verify bit length, highest bit is 1 to ensure it is large, and that the value is a safe prime with the expected generator).

Changes include:

cocagne commented 2 years ago

Thanks for the patch! I just published it on PyPI under version 1.0.20.
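The client-side check of server-supplied N and g that the pull request description calls for (bit length, top bit set, safe prime, generator), as an added example that is not part of pysrp or of this pull request. The names `is_probable_prime` and `srp_group_problem` are hypothetical, the 2048-bit default is this example's assumption, and "expected generator" is interpreted here as "g is a primitive root modulo N".

```python
import secrets

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=40):
    """Miller-Rabin with random bases; error probability <= 4**-rounds."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:          # write n - 1 as d * 2**r with d odd
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)   # base in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False       # a is a witness: n is composite
    return True

def srp_group_problem(N, g, expected_bits=2048):
    """Return None if (N, g) is acceptable, else a reason string.

    Hypothetical helper; expected_bits=2048 is this example's default.
    """
    # bit_length() == expected_bits means the size is right and the top bit is 1.
    if N.bit_length() != expected_bits:
        return "N is not exactly %d bits" % expected_bits
    if not is_probable_prime(N):
        return "N is not prime"
    q = (N - 1) // 2
    if not is_probable_prime(q):
        return "N is prime but not a safe prime"
    if not 1 < g < N - 1:
        return "g is outside the range 2..N-2"
    # For N = 2q + 1 the order of g divides 2q; with g != +-1, g is a
    # primitive root exactly when g**q == -1 (mod N).
    if pow(g, q, N) != N - 1:
        return "g is not a primitive root modulo N"
    return None
```

A client would run this on the values received from the server before computing anything from them, and abort the handshake on any result other than `None`.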