On 11/5/20 8:06 PM, Dimitry Sibiryakov wrote:
Hello All.
https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol says:
The two parties also employ the following safeguards:
Carol will abort if she receives B = 0 (mod N) or u = 0.
Steve will abort if he receives A (mod N) = 0.
Carol must show her proof of K (or S) first. If Steve detects
that Carol's proof is incorrect, he must abort without showing his
own proof of K (or S).
I don't see the first two safeguards in Srp plugin code. Are they
there?
They are missing (as in the Python sample in the article mentioned above). And
while the client-side safeguard is not very interesting for us, because without
wire encryption we do not check the server's proof at the client, the server's
check that the client's public key is not 0 should be added.
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
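An added illustration of the two safeguards under discussion (this is example code written for this thread, not Firebird's Srp plugin and not the Wikipedia sample): a minimal SRP-6a exchange over a toy group (N = 23, g = 5, constructed here and far too small for real use) with the client-side B = 0 (mod N) / u = 0 checks and the server-side A = 0 (mod N) check, and a run with the server check disabled showing why it matters.

```python
import hashlib

# Toy SRP-6a group, constructed for illustration only: N = 23 is a safe prime
# (23 = 2*11 + 1) and g = 5 generates Z_23^*. Real deployments use >= 2048-bit N.
N = 23
g = 5

def H(*parts: int) -> int:
    """SRP's hash function, here SHA-256 over the big-endian bytes of each value."""
    data = b"".join(p.to_bytes((p.bit_length() + 7) // 8 or 1, "big") for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def server_public(v: int, b: int) -> int:
    """Steve's public value B = k*v + g^b mod N."""
    return (k * v + pow(g, b, N)) % N

def server_session(v: int, A: int, b: int, check: bool = True) -> int:
    """Steve derives S = (A * v^u)^b mod N from Carol's public value A.
    With check=True it aborts on A = 0 (mod N), the safeguard from the article."""
    if check and A % N == 0:
        raise ValueError("abort: client public value A is 0 (mod N)")
    u = H(A, server_public(v, b))
    return pow(A * pow(v, u, N), b, N)

def client_session(x: int, a: int, B: int, check: bool = True) -> int:
    """Carol derives S = (B - k*g^x)^(a + u*x) mod N from Steve's public value B,
    aborting on B = 0 (mod N) or u = 0 when check=True."""
    if check and B % N == 0:
        raise ValueError("abort: server public value B is 0 (mod N)")
    A = pow(g, a, N)
    u = H(A, B)
    if check and u == 0:
        raise ValueError("abort: u is 0")
    return pow((B - k * pow(g, x, N)) % N, a + u * x, N)

if __name__ == "__main__":
    x, a, b = 7, 3, 9              # x = H(salt, password) in real SRP; constructed here
    v = pow(g, x, N)               # password verifier stored by the server
    B = server_public(v, b)
    assert client_session(x, a, B) == server_session(v, pow(g, a, N), b)
    # Without the check, A = 0 or A = N makes S = 0 on the server regardless of
    # the password, so any client can produce a matching proof of K.
    print(server_session(v, 0, b, check=False), server_session(v, N, b, check=False))
```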