A safe implementation of the secure remote password authentication and key-exchange protocol (SRP), SRP6a and legacy are as features available.

Related tags

Cryptography cryptography authentication pki srp srp-6a
Overview

Secure Remote Password (SRP 6 / 6a)

crates.io License: MIT codecov

A safe implementation of the secure remote password authentication and key-exchange protocol (SRP version 6a). Version 6 (legacy) is as features available.

About SRP

The Secure Remote Password protocol performs secure remote authentication of short human-memorizable passwords and resists both passive and active network attacks. Because SRP offers this unique combination of password security, user convenience, and freedom from restrictive licenses, it is the most widely standardized protocol of its type, and as a result is being used by organizations both large and small, commercial and open-source, to secure nearly every type of human-authenticated network traffic on a variety of computing platforms.

read more at srp.stanford.edu and in RFC2945 that describes in detail the Secure remote password protocol.

Features

  • client and server implementation of SRP 6 / 6a as in RFC2945
  • key length of 256 to 4096 bit provided as in RFC5054
  • free of unsafe code
  • no openssl dependencies
  • rust native

Documentation

To avoid code duplications this README is kept lean, please find examples and code at:

License

You might also like...
Making Token Exchange program with Solana(Rust), Web3, and Vue
Making Token Exchange program with Solana(Rust), Web3, and Vue

Escrow program for Solana blockchain Tech stack Program (Smart Contract) Rust crates: solana-program, spl-token Solana CLI for test validator UI Types

Hoon Wee 3 May 10, 2022
Polkadex - An Orderbook-based Decentralized Exchange using the Substrate Blockchain Framework.

What is Polkadex? 🚀 Polkadex is a Open Source, Decentralized Exchange Platform made using Substrate Blockchain Framework that provides traders with t

Polkadex 243 Dec 16, 2022
A Multi-chain Decentralized Exchange (DEX) built on CosmWasm for the WYND DAO.

WynDex A Multi-chain Decentralized Exchange (DEX) built on CosmWasm for the WYND DAO. Overview License The initial pool types were copied from astropo

null 7 Jan 31, 2023
Synchronized shadow state of Solana programs available for off-chain processing.

Solana Shadow The Solana Shadow crate adds shadows to solana on-chain accounts for off-chain processing. This create synchronises all accounts and the

null 40 Oct 30, 2022
Monorepo of our ahead-of-time implementation of Secure ECMAScript

Ahead-of-time Secure EcmaScript The monorepo contains a set of packages that helps adopt SES in a pre-compiled way. Security Assumptions This project

Dimension 13 Dec 21, 2022
End-to-end encryption and mutual authentication for distributed applications.
End-to-end encryption and mutual authentication for distributed applications.

✨ Hands-on Introduction: Build end-to-end encrypted, mutually-authenticated, secure messaging in Rust ✨ Rust and Elixir libraries for end-to-end encry

Ockam | Trust for Data-in-Motion 2.8k Jan 2, 2023
A lightning-fast password generator and manager written in Rust
A lightning-fast password generator and manager written in Rust

Passlane A lightning-fast password manager for the command line Features Generate passwords Place the generated password into the clipboard Save previ

Anssi Piirainen 4 Dec 15, 2022
A terminal-based password manager, generator, and importer/exporter (Firefox, Chrome) backed with a concurrent hashmap
A terminal-based password manager, generator, and importer/exporter (Firefox, Chrome) backed with a concurrent hashmap

rucksack A terminal-based password manager, generator, and importer/exporter (Firefox, Chrome) backed with a concurrent hashmap Features Password gene

null 6 Jan 18, 2023
A multiprotocol credentials bruteforcer / password sprayer and enumerator.

Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achi

Simone Margaritelli 45 Oct 24, 2023
Comments
  • No moduli smaller than 2048 bits

    No moduli smaller than 2048 bits

    Your current implementation includes moduli of 256, 512, and 1024 bits. These are unsafe. The first two are extraordinarily easy to break. If you really want to keep them because they are listed in ancient standards documents then hide them behind a feature and label them as never to be used in real systems.

    opened by jpgoldberg 3
  • chore(deps): update sha-1 requirement from 0.9 to 0.10

    chore(deps): update sha-1 requirement from 0.9 to 0.10

    Updates the requirements on sha-1 to permit the latest version.

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • fix(legacy:moduli): hide all moduli < 2048 bit behind feature flag

    fix(legacy:moduli): hide all moduli < 2048 bit behind feature flag

    • fixes issue #1
    • the legacy feature flag now hides all moduli < 2048
    • lib docs adjusted to point out what are safe key length
    • improve readability of example code by hide mocked functions
    • use safe modulus in examples/01_signup.rs
    • extend the Srp6 struct to have the KEY_LEN and SALT_LEN as pub const property available
    • extend the lib rust docs for the 2 missing steps (proof and strong proof verification)
    opened by sassman 1
  • Do not suggest that RSA moduli are usable

    Do not suggest that RSA moduli are usable

    In the docs in defaults.rs you have the text

    **NOTE:** if you need to roll your own modulus, you can generate one e.g. like this:
\```sh
openssl genrsa 1024 | openssl rsa -modulus
\```

    An RSA modulus cannot be used as an SRP group modulus. An RSA modulus is a composite number, and SRP group modulus must be a safe prime. (Also 1024 is way too small. See issue #1 )

    opened by jpgoldberg 0
Owner
Sven Assmann
Polyglot software engineer, since 2006 mainly on web technologies. Like to explore new things and toy around with languages, frameworks and problems. 🦀 he/him
Sven Assmann
GitHub
Plutonium is a two-device chat application that utilises WebSockets and a X25519 ECDH Key Exchange

Plutonium is a two-device chat application that utilises WebSockets and a X25519 ECDH Key Exchange, in addition to AES-256 to securely communicate between the two clients.

brxken 0 Jul 29, 2022
X25519 elliptic curve Diffie-Hellman key exchange in pure-Rust, using curve25519-dalek.

x25519-dalek A pure-Rust implementation of x25519 elliptic curve Diffie-Hellman key exchange, with curve operations provided by curve25519-dalek. This

dalek cryptography 252 Dec 26, 2022
CLI password manager with encryption: AES256, Salsa20 and Chacha20, with cross platform and exclusive features

Keep My House (CLI) CLI password manager with encryption: AES256, Salsa20 and Chacha20, with cross platform and exclusive features Features AES256 GCM

null 4 Sep 7, 2023
Use Touch ID / Secure Enclave for SSH Authentication!

SeKey About SeKey is a SSH Agent that allow users to authenticate to UNIX/Linux SSH servers using the Secure Enclave How it Works? The Secure Enclave

SeKey 2.3k Jan 5, 2023
Password-Authenticated Key Agreement protocols

RustCrypto: PAKEs Password-Authenticated Key Agreement protocols implementation. Warnings Crates in this repository have not yet received any formal c

Rust Crypto 81 Dec 5, 2022
A blazingly fast and memory safe password cracker with user interface.

HashVat A blazingly fast and memory safe password cracker with user interface. HashVat runs with user interface and is capable of cracking the 1.000.0

JBLDSKY 2 Dec 6, 2022
Pure Rust implementation of components of the Secure Shell (SSH) protocol

RustCrypto: SSH Pure Rust implementation of components of the Secure Shell (SSH) protocol. Crates Name crates.io Docs Description ssh—encoding Decoder

Rust Crypto 27 Dec 27, 2022
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Dec 30, 2022
User-friendly secure computation engine based on secure multi-party computation

CipherCore If you have any questions, or, more generally, would like to discuss CipherCore, please join the Slack community. See a vastly extended ver

CipherMode Labs 356 Jan 5, 2023
A fast and secure multi protocol honeypot.

Medusa A fast and secure multi protocol honeypot that can mimic realistic devices running ssh, telnet, http, https or any other tcp and udp servers. W

Simone Margaritelli 268 Dec 26, 2022