sensagent's content

• definitions
• synonyms
• antonyms
• encyclopedia

Dictionary and translator for handheld

New : sensagent is now available on your handheld

sensagent's office

Shortkey or widget. Free.

Windows Shortkey: . Free.

Vista Widget : . Free.

Webmaster Solution

Alexandria

A windows (pop-into) of information (full-content of Sensagent) triggered by double-clicking any word on your webpage. Give contextual explanation and translation from your sites !

Try here  or   get the code

SensagentBox

With a SensagentBox, visitors to your site can access reliable information on over 5 million pages provided by Sensagent.com. Choose the design that fits your site.

WordGame

The English word games are:
○   Anagrams
○   Wildcard, crossword
○   Lettris
○   Boggle.

Lettris

Lettris is a curious tetris-clone game where all the bricks have the same square shape but different content. Each square carries a letter. To make squares disappear and save space for other squares you have to assemble English words (left, right, up, down) from the falling squares.

boggle

Boggle gives you 3 minutes to find as many words (3 letters or more) as you can in a grid of 16 letters. You can also try the grid of 16 letters. Letters must be adjacent and longer words score better. See if you can get into the grid Hall of Fame !

English dictionary
Main references

Most English definitions are provided by WordNet .
English thesaurus is mainly derived from The Integral Dictionary (TID).
English Encyclopedia is licensed by Wikipedia (GNU).

The wordgames anagrams, crossword, Lettris and Boggle are provided by Memodata.
The web service Alexandria is granted from Memodata for the Ebay search.
The SensagentBox are offered by sensAgent.

Translation

Change the target language to find translations.
Tips: browse the semantic fields (see From ideas to words) in two languages to learn more.

last searches on the dictionary :

5316 online visitors

computed in 0.140s

»

# Wikipedia

The Secure Remote Password protocol (SRP) is an augmented password-authenticated key agreement (PAKE) protocol.

Like all augmented PAKE protocols, an evesdropper or man in the middle cannot obtain enough information to be able to brute force guess a password without further interactions with the parties for each guess. This means that strong security can be obtained using weak passwords. Further the server does not store password-equivalent data. This means that an attacker that stole the server data still cannot masquerade as the client unless they first perform a brute force search for the password.

SRP is probably not encumbered by patents.

## Overview

The SRP protocol has a number of desirable properties: it allows a user to authenticate themselves to a server, it is resistant to dictionary attacks mounted by an eavesdropper, and it does not require a trusted third party. It effectively conveys a zero-knowledge password proof from the user to the server. In revision 6 of the protocol only one password can be guessed per connection attempt. One of the interesting properties of the protocol is that even if one or two of the cryptographic primitives it uses are attacked, it is still secure. The SRP protocol has been revised several times, and is currently at revision 6a.

The SRP protocol creates a large private key shared between the two parties in a manner similar to Diffie–Hellman, then verifies to both parties that the two keys are identical and that both sides have the user's password. In cases where encrypted communications as well as authentication are required, the SRP protocol is more secure than the alternative SSH protocol and faster than using Diffie–Hellman with signed messages. It is also independent of third parties, unlike Kerberos. The SRP protocol, version 3 is described in RFC 2945. SRP version 6 is also used for strong password authentication in SSL/TLS[1] (in TLS-SRP) and other standards such as EAP[2] and SAML, and is being standardized in IEEE P1363 and ISO/IEC 11770-4.

## Protocol

The following notation is used in this description of the protocol, version 6:

• q and N = 2q + 1 are chosen such that both are prime (N is a safe prime and q is a Sophie Germain prime). N must be large enough so that computing discrete logarithms modulo N is infeasible.
• All arithmetic is performed in the field of integers modulo N, $\mathbb{Z}_N$.
• g is a generator of the multiplicative group.
• k is a parameter derived by both sides; for example, k = H(N, g).
• s is a small salt.
• I is an identifying username.
• p is the user's password.
• H() is a hash function; e.g., SHA-256.
• v is the host's password verifier, v = gx, x = H(s,p). Using of functions like PBKDF2 instead of H for password hashing is highly recommended.
• a and b are random.
• | denotes concatenation.

All other variables are defined in terms of these.

First, to establish a password p with Steve, Carol picks a small random salt s, and computes x = H(s, p), v = gx. Steve stores v and s, indexed by I, as Carol's password verifier and salt. x is discarded because it is equivalent to the plaintext password p. This step is completed before the system is used.

1. Carol → Steve: I | A, with A = ga
2. Steve → Carol: s | B, with B = kv + gb
3. Both: u = H(A, B)
4. Carol: SCarol = (B - kgx)(a + ux) = (kv + gb - kgx)(a + ux) = (kgx- kgx + gb)(a + ux) = (gb)(a + ux)
5. Carol: KCarol = H(SCarol)
6. Steve: SSteve = (Avu)b = (gavu)b = (ga(gx)u)b = (gb)(a + ux)
7. Steve: KSteve = H(SSteve) = KCarol

Now the two parties have a shared, strong session key K. To complete authentication, they need to prove to each other that their keys match. One possible way is as follows:

1. Carol → Steve: M1 = H(H(N) XOR H(g) | H(I) | s | A | B | KCarol). Steve verifies M1.
2. Steve → Carol: M2 = H(A | M1 | KSteve). Carol verifies M2.

This method requires guessing more of the shared state to be successful in impersonation than just the key. While most of the additional state is public, private information could safely be added to the inputs to the hash function, like the server private key. The two parties also employ the following safeguards:

1. Carol will abort if she receives B == 0 (mod N) or u == 0.
2. Steve will abort if he receives A (mod N) == 0.
3. Carol must show her proof of K first. If Steve detects that Carol's proof is incorrect, he must abort without showing his own proof of K.

### Implementation example in Python

```# An example SRP-6a authentication
# WARNING: Do not use for real cryptographic purposes beyond testing.
# based on http://srp.stanford.edu/design.html
import hashlib
import random

def global_print(*names):
x = lambda s: ["%s", "0x%x"][isinstance(s, long)] % s
print "".join("%s = %s\n" % (name, x(globals()[name])) for name in names)

def H(*a):  # a one-way hash function
return int(hashlib.sha256(str(a)).hexdigest(), 16) % N

def cryptrand(n=1024):
return random.SystemRandom().getrandbits(n) % N

# A large safe prime (N = 2q+1, where q is prime)
# All arithmetic is done modulo N
# (generated using "openssl dhparam -text 1024")
N = '''00:c0:37:c3:75:88:b4:32:98:87:e6:1c:2d:a3:32:
4b:1b:a4:b8:1a:63:f9:74:8f:ed:2d:8a:41:0c:2f:
c2:1b:12:32:f0:d3:bf:a0:24:27:6c:fd:88:44:81:
97:aa:e4:86:a6:3b:fc:a7:b8:bf:77:54:df:b3:27:
c7:20:1f:6f:d1:7f:d7:fd:74:15:8b:d3:1c:e7:72:
c9:f5:f8:ab:58:45:48:a9:9a:75:9b:5a:2c:05:32:
16:2b:7b:62:18:e8:f1:42:bc:e2:c3:0d:77:84:68:
9a:48:3e:09:5e:70:16:18:43:79:13:a8:c3:9c:3d:
d0:d4:ca:3c:50:0b:88:5f:e3'''
N = int(''.join(N.split()).replace(':', ''), 16)
g = 2        # A generator modulo N

k = H(N, g)  # Multiplier parameter (k=3 in legacy SRP-6)

print "#. H, N, g, and k are known beforehand to both client and server:"
global_print("H", "N", "g", "k")

print "0. server stores (I, s, v) in its password database"

# the server must first generate the password verifier
s = cryptrand(64)    # Salt for the user
x = H(s, p)          # Private key
v = pow(g, x, N)     # Password verifier
global_print("I", "p", "s", "x", "v")

print "1. client sends username I and public ephemeral value A to the server"
a = cryptrand()
A = pow(g, a, N)
global_print("I", "A")  # client->server (I, A)

print "2. server sends user's salt s and public ephemeral value B to client"
b = cryptrand()
B = (k * v + pow(g, b, N)) % N
global_print("s", "B")  # server->client (s, B)

print "3. client and server calculate the random scrambling parameter"
u = H(A, B)  # Random scrambling parameter
global_print("u")

print "4. client computes session key"
x = H(s, p)
S_c = pow(B - k * pow(g, x, N), a + u * x, N)
K_c = H(S_c)
global_print("S_c", "K_c")

print "5. server computes session key"
S_s = pow(A * pow(v, u, N), b, N)
K_s = H(S_s)
global_print("S_s", "K_s")

print "6. client sends proof of session key to server"
M_c = H(H(N) ^ H(g), H(I), s, A, B, K_c)
global_print("M_c")
# client->server (M_c) ; server verifies M_c

print "7. server sends proof of session key to client"
M_s = H(A, M_c, K_s)
global_print("M_s")
# server->client (M_s) ;  client verifies M_s
```

## References

1. ^ Taylor, David; Tom Wu; Nikos Mavrogiannopoulos; Trevor Perrin (November 2007). "Using the Secure Remote Password (SRP) Protocol for TLS Authentication".  RFC 5054
2. ^ Carlson, James; Bernard Aboba; Henry Haverinen (July 2001). "EAP SRP-SHA1 Authentication Protocol". IETF.  Draft.