Talk:Secure Remote Password protocol

Computing Unassessed

This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing ??? This article has not yet received a rating on Wikipedia's content assessment scale. ??? This article has not yet received a rating on the project's importance scale.

Small nitpick: If ${\displaystyle N=2q+1}$ and both ${\displaystyle N}$ and ${\displaystyle q}$ are prime then ${\displaystyle q}$ (not ${\displaystyle N}$) is called a Sophie Germain prime. Unfortunately, this error calling the bigger prime "Sophie Germain" is quite popular in cryptography and even made it into some RFCs.

I have also noticed this and made the correction. TheAnarcat (talk) 22:07, 23 July 2009 (UTC)[reply]

Actually, before we make that change, we probably want to make some changes to the Safe_prime and Sophie_Germain_prime pages, as they agree with the original writing here (which i just reverted back to). TheAnarcat (talk) 22:24, 23 July 2009 (UTC)[reply]

How generator of the multiplicative group is selected? Dipogogo (talk) 10:31, 22 July 2009 (UTC)[reply]

In the code there, it uses random.getrandbits, which is OK for demonstrative purposes. However, the random module documentation included a clear warning:

Almost all module functions depend on the basic function random(), which generates a random float uniformly in the semi-open range [0.0, 1.0). Python uses the Mersenne Twister as the core generator. It produces 53-bit precision floats and has a period of 2**19937-1. The underlying implementation in C is both fast and threadsafe. The Mersenne Twister is one of the most extensively tested random number generators in existence. However, being completely deterministic, it is not suitable for all purposes, and is completely unsuitable for cryptographic purposes.

(from Python v2.6.4 documentation, The Python Standard Library, 10. Numeric and Mathematical Modules, random)

A safer alternative for someone to use would be os.urandom, which relies on an OS implementation:

os.urandom(n) Return a string of n random bytes suitable for cryptographic use.

This function returns random bytes from an OS-specific randomness source. The returned data should be unpredictable enough for cryptographic applications, though its exact quality depends on the OS implementation. On a UNIX-like system this will query /dev/urandom, and on Windows it will use CryptGenRandom. If a randomness source is not found, NotImplementedError will be raised.

New in version 2.4.

(from Python v2.6.4 documentation, The Python Standard Library, 16. Generic Operating System Services, os, 16.1.7 Miscellaneous Functions)

I'm not going to change this, but it would be a good recommendation. —Preceding unsigned comment added by 70.100.231.253 (talk) 02:00, 12 August 2010 (UTC)[reply]

I've also noticed that the code performs modulo N on the generated random number. Timothy (talk) 22:50, 13 February 2011 (UTC)[reply]

I find a few things in the section "Protocol" unclear or improvable:

• u isn't random, it's computed in step 3.
• x is discarded only on Steve; Carol must remember x for step 4.
• In step 4, why not write v in place of g^x as before?
• Why does Steve transmit the salt s in step 2? Are we assuming that Carol did not store v?
• How are N and g chosen and remembered?

Thanks! 82.35.49.111 (talk) 08:45, 13 February 2011 (UTC)[reply]

Actually, Carol must remember password, from which he can generate x.

In step 4, why not write v in place of g^x as before?

Is possible.

Why does Steve transmit the salt s in step 2? Are we assuming that Carol did not store v?

Nope. The only things Carol is storing are login and password.

How are N and g chosen and remembered?

They are parts of the protocol. — Preceding unsigned comment added by 77.4.152.254 (talk) 19:03, 14 August 2011 (UTC)[reply]

• What exactly meaning of "All arithmetic is performed in the field of integers modulo N"?

In python demonstration, It seem like only "power mod" operation in the field of modulo N. Others like additon, subtraction, multiplication are beyond the field. Should these operation module N too? — Preceding unsigned comment added by 58.38.19.167 (talk) 18:21, 3 October 2011 (UTC)[reply]

I agree, this point needs proper clarification 81.153.206.110 (talk) 11:48, 22 October 2011 (UTC)[reply]

Any operation should be modulo N. This is just python code flaw. 1.2.3.4 — Preceding unsigned comment added by 178.27.147.19 (talk) 01:26, 2 February 2012 (UTC)[reply]

Why is there no mention of this the highly contentious IPR status of SRP? Did it become no longer highly contentious?--71.191.197.79 (talk) 05:52, 30 June 2011 (UTC)[reply]

[1]

SRP is available to commercial and non-commercial users under a royalty-free license. The Internet played a significant role in SRP's early development; without it, SRP would not have received anywhere near the amount of analysis and feedback that it has gotten since it was first proposed and refined. It is thus fitting that the Internet at large can benefit from the fruits of this endeavor. Since SRP is specifically designed to work around existing patents in the area, it gives everybody access to strong, unencumbered password authentication technology that can be put to a wide variety of uses.

How does the protocol deal with issue of a negative result from S_c = pow(B - k * pow(g, x, N), a + u * x, N) specifically "B - k * pow(g, x, N)"81.153.206.110 (talk) 09:54, 22 October 2011 (UTC)[reply]