@xIvan0ff
Last active December 12, 2023 21:20
import hashlib
import hmac
import secrets


def CalculateSRP6Verifier(username, password, salt):
    # SRP6 generator and 256-bit modulus
    g = int(7)
    N = int("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7", 16)
    # h1 = SHA1(upper("username:password"))
    userpassupper = f'{username}:{password}'.upper()
    h1 = hashlib.sha1(userpassupper.encode('utf-8')).digest()
    # h2 = SHA1(salt | h1), read as an unsigned little-endian integer
    h2 = hashlib.sha1(salt + h1)
    h2 = int.from_bytes(h2.digest(), 'little')
    # verifier = g^h2 mod N, stored as 32 little-endian bytes
    # (to_bytes already zero-pads to 32 bytes, so no extra padding is needed)
    verifier = pow(g, h2, N)
    verifier = verifier.to_bytes(32, 'little')
    return verifier


def GetSRP6RegistrationData(username, password):
    # salt is 32 random bytes from the OS CSPRNG
    salt = secrets.token_bytes(32)
    verifier = CalculateSRP6Verifier(username, password, salt)
    return [salt, verifier]


def VerifySRP6Login(username, password, salt, verifier):
    checkVerifier = CalculateSRP6Verifier(username, password, salt)
    # constant-time comparison instead of ==
    return hmac.compare_digest(verifier, checkVerifier)

@runningman98

Thanks for your work.

@xIvan0ff
Author

> Thanks for your work.

You're welcome.

@Th3AnG3L

Th3AnG3L commented Dec 12, 2023

Can you also show how to use this method with MySQL and how you generate the salt?
For example, I tried it like this:

Dim verifier = SRP6Enc.GetSRP6RegistrationData(TextAccountCreateName.Text, TextAccountPasswordCreate.Text)

Using conn As New MySqlConnection(conStr)
    Using cmd As New MySqlCommand()
        cmd.Connection = conn
        Select Case Data.Settings.SelectedCore
            Case Cores.AzerothCore
                cmd.CommandText = "INSERT INTO account (username, email, salt, verifier) VALUES (@user,@ema,@pass,@verif)"
                cmd.Parameters.AddWithValue("@user", TextAccountCreateName.Text)
                cmd.Parameters.AddWithValue("@ema", TextAccountEmailCreate.Text)
                cmd.Parameters.AddWithValue("@verif", verifier(1))
                If Data.Settings.EnableDBEncrypt And Data.Settings.DatabaseEncryption >= 1 Then
                    cmd.Parameters.AddWithValue("@pass", verifier(0))
                Else
                    cmd.Parameters.AddWithValue("@pass", TextAccountPasswordCreate.Text)
                End If
            Case Else
                Exit Sub
        End Select
        conn.Open()
        cmd.ExecuteNonQuery()
    End Using
End Using

The problem is this: the account is added to the DB, but when I try to log in I get a wrong password message, so it stores something wrong.
Another thing is that Dim verifier As BigInteger = BigInteger.ModPow(g, h2Int, N) always gives an error:
'The number must be greater than or equal to zero.
Parameter name: exponent'
N - {-53692022728160178081501488867784957990020226329639767110891142837619400991817}
h2int - {-199588655907207267643884663243470580682797375670}
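
Added example, not part of the gist or of any comment above: the gist turns the SHA-1 digest into a non-negative integer, while a signed two's-complement reading of the same little-endian bytes (the reading .NET's `BigInteger(byte[])` constructor applies) goes negative whenever the top bit of the last byte is set, which also holds for a 32-byte encoding of N. The helper names, the TEST/TEST account and the counter-based salt are constructed for illustration.

```python
import hashlib

# Parameters copied from the gist above.
G = 7
N = int("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7", 16)


def srp6_digest(username: str, password: str, salt: bytes) -> bytes:
    """SHA1(salt | SHA1(upper("user:pass"))), the bytes the gist turns into an exponent."""
    h1 = hashlib.sha1(f"{username}:{password}".upper().encode("utf-8")).digest()
    return hashlib.sha1(salt + h1).digest()


def as_unsigned_le(raw: bytes) -> int:
    """The gist's reading: little-endian and never negative."""
    return int.from_bytes(raw, "little", signed=False)


def as_signed_le(raw: bytes) -> int:
    """Two's-complement reading: negative whenever the last byte is >= 0x80."""
    return int.from_bytes(raw, "little", signed=True)


def verifier(username: str, password: str, salt: bytes) -> bytes:
    """Same result as the gist's CalculateSRP6Verifier."""
    x = as_unsigned_le(srp6_digest(username, password, salt))
    return pow(G, x, N).to_bytes(32, "little")


def salt_with_high_bit(username: str, password: str) -> bytes:
    """Constructed test salt whose digest ends in a byte >= 0x80 (not random!)."""
    for i in range(256):
        salt = i.to_bytes(32, "little")
        if srp6_digest(username, password, salt)[-1] & 0x80:
            return salt
    raise RuntimeError("no suitable salt in 256 tries")


if __name__ == "__main__":
    salt = salt_with_high_bit("TEST", "TEST")   # constructed sample account
    raw = srp6_digest("TEST", "TEST", salt)
    print("signed exponent  :", as_signed_le(raw))            # negative
    print("unsigned exponent:", as_unsigned_le(raw))          # what pow() needs
    print("zero byte added  :", as_signed_le(raw + b"\x00"))  # equals unsigned
    print("N read as signed :", as_signed_le(N.to_bytes(32, "little")))
    print("verifier (hex)   :", verifier("TEST", "TEST", salt).hex())
```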
