
Bouke / SRP

Licence: MIT license
Secure Remote Password (SRP) for Swift


Secure Remote Password (SRP) for Swift

Secure Remote Password is an authentication protocol for proving your identity to another party using a password, without ever revealing that password to anyone, not even to the party you are proving your identity to. See Secure Remote Password protocol for more information on this protocol.

Example usage

import Foundation
import SRP

// This is a database of users, along with their salted verification keys
let userStore: [String: (salt: Data, verificationKey: Data)] = [
    "alice": createSaltedVerificationKey(username: "alice", password: "password123"),
    "bob": createSaltedVerificationKey(username: "bob", password: "qwerty12345"),
]

// Alice wants to authenticate, she sends her username to the server.
let client = Client(username: "alice", password: "password123")
let (username, clientPublicKey) = client.startAuthentication()

let server = Server(
    username: username,
    salt: userStore[username]!.salt,
    verificationKey: userStore[username]!.verificationKey)

// The server shares Alice's salt and its public key (the challenge).
let (salt, serverPublicKey) = server.getChallenge()

// Alice generates a session key and proves she generated the correct
// session key based on her password and the challenge.
let clientKeyProof = try client.processChallenge(salt: salt, publicKey: serverPublicKey)

// The server verifies Alice's proof and generates its own proof.
let serverKeyProof = try server.verifySession(publicKey: clientPublicKey, keyProof: clientKeyProof)

// The client verifies the server's proof.
try client.verifySession(keyProof: serverKeyProof)

// At this point, authentication has completed.
assert(server.isAuthenticated)
assert(client.isAuthenticated)

// Both now have the same session key. This key can be used to encrypt
// further communication between client and server.
assert(server.sessionKey == client.sessionKey)

More information can be found in the documentation.

Swift Compatibility

Swift 4 is required with version 3 of this package. Use version 2 if you need Swift 3 compatibility.

Compatibility with other implementations

I like to believe this implementation correctly implements the RFC. However, not all implementations do, which might result in not being able to authenticate across implementations. Subtle differences might also result in low failure rates due to the randomness this protocol includes.

  • Python: srp is not compatible; it doesn't correctly calculate k.
  • Python: srptools is compatible.
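
The following is an added example, not code from this project or from the Python packages named above. It shows how an encoding difference produces both failure modes described in this section: RFC 5054 defines k = SHA1(N | PAD(g)) and u = SHA1(PAD(A) | PAD(B)), and an implementation that hashes unpadded integers always gets a different k, but a different u only when a public value happens to have a leading zero byte. That missing padding is the deviation is an assumption made for illustration (the page does not say how the incompatible package computes k), and `B` is drawn as a stand-in rather than computed from a verifier.

```python
import hashlib
import random

# 1024-bit group from RFC 5054 Appendix A, generator 2.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
N_LEN = (N.bit_length() + 7) // 8  # 128 bytes


def minimal(n: int) -> bytes:
    """Big-endian bytes with leading zeros stripped (the non-RFC encoding)."""
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")


def pad(n: int) -> bytes:
    """RFC 5054 PAD(): left-pad with zeros to the byte length of N."""
    return n.to_bytes(N_LEN, "big")


def H(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha1(b"".join(parts)).digest(), "big")


def k_values() -> tuple[int, int]:
    """(RFC 5054 k = H(N | PAD(g)), unpadded k = H(N | g))."""
    return H(pad(N), pad(g)), H(minimal(N), minimal(g))


def u_values(A: int, B: int) -> tuple[int, int]:
    """(RFC 5054 u = H(PAD(A) | PAD(B)), unpadded u = H(A | B))."""
    return H(pad(A), pad(B)), H(minimal(A), minimal(B))


def u_mismatch_rate(trials: int = 2000, seed: int = 1) -> float:
    """Fraction of handshakes where the two u encodings disagree."""
    rng = random.Random(seed)  # seeded for repeatability; NOT for real keys
    bad = 0
    for _ in range(trials):
        A = pow(g, rng.getrandbits(256), N)  # client public key
        B = pow(g, rng.getrandbits(256), N)  # stand-in for server public key
        padded, unpadded = u_values(A, B)
        bad += padded != unpadded
    return bad / trials
```

Because the top byte of N is 0xEE, a public value falls short of full length roughly once in 239 draws, so mismatched padding of A and B surfaces as an intermittent authentication failure rather than a constant one. When testing interoperability between two SRP implementations, run many handshakes or force a short public value instead of relying on a single successful login.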

Development

Testing

This project includes unit tests. A few compiler flags are required to run the tests swiftly:

swift test -c release -Xswiftc -enable-testing

Credits

This library was written by Bouke Haarsma.
