pysrp

Secure Remote Password: Python module

NOTE

This project has moved to GitHub

Project Description

This package provides a Python implementation of the Secure Remote Password protocol (SRP) as defined at http://srp.stanford.edu/

Brief Description of SRP

SRP is a cryptographically strong authentication protocol for password-based, mutual authentication over an insecure network connection.

Unlike other common challenge-response autentication protocols, such as Kereros and SSL, SRP does not rely on an external infrastructure of trusted key servers or certificate management. Instead, SRP server applications use verification keys derived from each user's password to determine the authenticity of a network connection.

SRP provides mutual-authentication in that successful authentication requires both sides of the connection to have knowledge of the user's password. If the client side lacks the user's password or the server side lacks the proper verification key, the authentication will fail.

Unlike SSL, SRP does not directly encrypt all data flowing through the authenticated connection. However, successful authentication does result in a cryptographically strong shared key that can be used for symmetric-key encryption.

For a full description of the pysrp package and the SRP protocol, please refer to the srp module documentation.

Usage Example

``` import srp

The salt and verifier returned from srp.create_salted_verification_key() should be

stored on the server.

salt, vkey = srp.create_salted_verification_key( 'testuser', 'testpassword' )

class AuthenticationFailed (Exception): pass

~ Begin Authentication ~

usr = srp.User( 'testuser', 'testpassword' ) uname, A = usr.start_authentication()

The authentication process can fail at each step from this

point on. To comply with the SRP protocol, the authentication

process should be aborted on the first failure.

Client => Server: username, A

svr = srp.Verifier( uname, salt, vkey, A ) s,B = svr.get_challenge()

if s is None or B is None: raise AuthenticationFailed()

Server => Client: s, B

M = usr.process_challenge( s, B )

if M is None: raise AuthenticationFailed()

Client => Server: M

HAMK = svr.verify_session( M )

if HAMK is None: raise AuthenticationFailed()

Server => Client: HAMK

usr.verify_session( HAMK )

At this point the authentication process is complete.

assert usr.authenticated() assert svr.authenticated() ```

Project Information

License: New BSD License
4 stars
hg-based source control

Labels:
python srp authentication

Code

Archive

pysrp

NOTE

Project Description

Brief Description of SRP

Usage Example

The salt and verifier returned from srp.create_salted_verification_key() should be

stored on the server.

~ Begin Authentication ~

The authentication process can fail at each step from this

point on. To comply with the SRP protocol, the authentication

process should be aborted on the first failure.

Client => Server: username, A

Server => Client: s, B

Client => Server: M

Server => Client: HAMK

At this point the authentication process is complete.

Project Information

pysrp

NOTE

Project Description

Brief Description of SRP

Usage Example

The salt and verifier returned from srp.create_salted_verification_key() should be

stored on the server.

~~~ Begin Authentication ~~~

The authentication process can fail at each step from this

point on. To comply with the SRP protocol, the authentication

process should be aborted on the first failure.

Client => Server: username, A

Server => Client: s, B

Client => Server: M

Server => Client: HAMK

At this point the authentication process is complete.

Project Information

~ Begin Authentication ~