Closed 9876691 closed 3 years ago
Concerns
Any JS we add to the client creates more opportunities for side channel attacks. The data stored by SRP: is it more secure than a hashed password? i.e. can we replicate the private key with a dictionary attack? The key doesn't have a lot of entropy. Have a look at https://docs.rs/opaque-ke/0.5.0/opaque_ke/
Note that this is not specific to SRP; for any password-based authentication method, if the attacker can learn everything the server knows, then he can impersonate the server, and in addition, he can perform an undetectable dictionary attack (for example, by simulating a client logging in with various passwords; this is undetectable because this occurs entirely on the attacker's equipment, so you aren't informed that someone is trying to log into the system with a long series of passwords).
Looks like BitWarden has a good solution for this.
https://bitwarden.com/help/article/bitwarden-security-white-paper/
Example code
Is there a way to generate a private key from the user's password which we then use to encrypt a random private key?
From the skiff docs https://www.skiff.org/security
In this system, Bob’s public keys are publicly visible, while his private keys are encrypted end-to-end. His password and password_derived_secret are never stored, not even as encrypted data. Bob’s password_derived_secret and password are also never sent over any network, even as encrypted data. We use the secure remote password (SRP) protocol to authenticate user login. After Bob is authenticated using SRP, the server sends Bob’s encrypted_user_data as well as a signed JSON Web Token (JWT) to indicate that Bob has properly logged in within a certain amount of time. In our security model, the time-limited JWT is used for “read-only” operations, including downloading encry