Last active
December 12, 2023 21:20
import hashlib
import hmac
import secrets
def CalculateSRP6Verifier(username, password, salt):
    """Derive the 32-byte SRP6 verifier for a username/password/salt triple.

    The credentials are joined as ``username:password``, upper-cased and
    UTF-8 encoded, then hashed with SHA-1. That digest is hashed again with
    the salt prepended, the result is read as a little-endian integer ``x``,
    and the verifier is ``7 ** x mod N`` serialized as 32 little-endian bytes.

    Args:
        username: Account name; upper-cased before hashing, so the result is
            case-insensitive.
        password: Account password; also upper-cased before hashing.
        salt: Per-account salt as ``bytes`` (it is concatenated with a
            SHA-1 digest, so a ``str`` raises ``TypeError``).

    Returns:
        The verifier as exactly 32 bytes, little-endian.

    Security notes:
        The derivation is a single salted SHA-1 round, so anyone who obtains
        a stored salt/verifier pair can test password guesses offline at
        hash speed. Protect stored verifiers like password hashes.
        NOTE(review): the hash, generator, modulus and upper-casing look
        dictated by the server protocol this targets - confirm before
        changing any of them.
    """
    generator = 7
    modulus = int("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7", 16)

    credentials = f'{username}:{password}'.upper().encode('utf-8')
    inner_digest = hashlib.sha1(credentials).digest()
    outer_digest = hashlib.sha1(salt + inner_digest).digest()
    exponent = int.from_bytes(outer_digest, 'little')

    # to_bytes(32, ...) already zero-pads the high end to a fixed 32 bytes,
    # so no further padding step is required.
    return pow(generator, exponent, modulus).to_bytes(32, 'little')
def GetSRP6RegistrationData(username, password):
    """Generate a fresh salt and the matching verifier for a new account.

    The salt is 32 bytes drawn from ``secrets.token_bytes``, i.e. the
    operating system's cryptographically secure random source.

    Args:
        username: Account name to register.
        password: Password chosen for the account.

    Returns:
        A two-element list ``[salt, verifier]``, both ``bytes``. Both values
        must be stored unchanged: the same salt is needed later to recompute
        the verifier at login.
    """
    fresh_salt = secrets.token_bytes(32)
    return [fresh_salt, CalculateSRP6Verifier(username, password, fresh_salt)]
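def VerifySRP6Login(username, password, salt, verifier):
    """Check a login attempt against a stored salt and verifier.

    The verifier is recomputed from the supplied credentials and the stored
    salt, then compared with the stored verifier.

    Args:
        username: Account name supplied at login.
        password: Password supplied at login.
        salt: The salt stored for the account, as ``bytes``.
        verifier: The verifier stored for the account.

    Returns:
        ``True`` when the recomputed verifier equals the stored one,
        otherwise ``False``.
    """
    checkVerifier = CalculateSRP6Verifier(username, password, salt)
    if isinstance(verifier, (bytes, bytearray)):
        # Constant-time comparison: a plain == can return as soon as the
        # first differing byte is found, which leaks through timing how much
        # of the secret-derived value matched.
        return hmac.compare_digest(verifier, checkVerifier)
    # Any other stored type keeps the previous plain-equality result rather
    # than raising TypeError from compare_digest.
    return verifier == checkVerifier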
Thanks for your works.
You're welcome.
Can you also show how to use this method with MySQL, and how you generate the salt?
For example, I tried it like this:
' Account-creation snippet: derives SRP6 registration data from the form fields and
' inserts a row into the account table through a parameterized MySqlCommand.
' NOTE(review): verifier(0) and verifier(1) are used below as salt and verifier,
' presumably mirroring the Python helper's [salt, verifier] return order - confirm in SRP6Enc.
' NOTE(review): if SRP6Enc builds BigInteger values from byte arrays, .NET reads the array as
' signed little-endian, so a set top bit yields a negative number; appending a 0x00 byte
' keeps N and the exponent non-negative.
Dim verifier = SRP6Enc.GetSRP6RegistrationData(TextAccountCreateName.Text, TextAccountPasswordCreate.Text)
Using conn As New MySqlConnection(conStr)
Using cmd As New MySqlCommand()
cmd.Connection = conn
Select Case Data.Settings.SelectedCore
Case Cores.AzerothCore
' In the VALUES list @pass lines up with the salt column and @verif with the verifier column.
cmd.CommandText = "INSERT INTO account (username, email, salt, verifier) VALUES (@user,@ema,@pass,@verif)"
cmd.Parameters.AddWithValue("@user", TextAccountCreateName.Text)
cmd.Parameters.AddWithValue("@ema", TextAccountEmailCreate.Text)
cmd.Parameters.AddWithValue("@verif", verifier(1))
' The generated salt reaches the salt column only when both encryption settings are enabled.
If Data.Settings.EnableDBEncrypt And Data.Settings.DatabaseEncryption >= 1 Then
cmd.Parameters.AddWithValue("@pass", verifier(0))
Else
' NOTE(review): this branch writes the cleartext password into the salt column. The verifier
' bound above was computed with the generated salt, so a login check that recomputes from the
' stored salt would presumably never match, and the password is left unprotected in the
' database. Binding verifier(0) unconditionally avoids both problems.
cmd.Parameters.AddWithValue("@pass", TextAccountPasswordCreate.Text)
End If
Case Else
' Any other core: leave without inserting anything.
Exit Sub
End Select
conn.Open()
cmd.ExecuteNonQuery()
End Using
End Using
The problem is this: the account is added to the DB, but logging in then gives a wrong-password message, so something is being stored incorrectly.
Another thing is that Dim verifier As BigInteger = BigInteger.ModPow(g, h2Int, N) always fails with this error:
'The number must be greater than or equal to zero.
Parameter name: exponent'
N - {-53692022728160178081501488867784957990020226329639767110891142837619400991817}
h2int - {-199588655907207267643884663243470580682797375670}
Thanks for your works.