Information
Client has user and password.
Server has user, iteration, salt, storedkey and serverkey.
Algorithm
# client-first-message
Client ---- (c_user, c_random) ----------------> Server

s_iteration = DB.get(c_user, 'iteration')
s_salt = DB.get(c_user, 'salt')

# server-first-message
Client <--- (s_iteration, s_salt, s_random) ---- Server

c_saltedpassword = Hi(Normalize(c_password), s_salt, s_iteration)
c_clientkey = HMAC(c_saltedpassword, 'Client Key')
c_storedkey = H(c_clientkey)
c_authmessage = client-first-message + server-first-message + client-final-message-without-proof
c_clientsignature = HMAC(c_storedkey, c_authmessage)
c_clientproof = c_clientkey XOR c_clientsignature

# client-final-message
Client ---- (c_clientproof, s_random) ---------> Server

s_authmessage = client-first-message + server-first-message + client-final-message-without-proof
s_storedkey = DB.get(c_user, 'storedkey')
s_clientsignature = HMAC(s_storedkey, s_authmessage)
s_clientkey = c_clientproof XOR s_clientsignature
if H(s_clientkey) == s_storedkey:
    return 'Client authenticated'
s_serverkey = DB.get(c_user, 'serverkey')
s_serversignature = HMAC(s_serverkey, s_authmessage)

# server-final-message
Client <--- (s_serversignature) ---------------- Server

c_serverkey = HMAC(c_saltedpassword, 'Server Key')
c_serversignature = HMAC(c_serverkey, c_authmessage)
if c_serversignature == s_serversignature:
    return 'Server authenticated'
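The exchange above as runnable Python, added here as an illustration and not part of the original post. It assumes SHA-256 for H, PBKDF2-HMAC for Hi, ASCII passwords (so Normalize is skipped), and a constructed comma-joined message encoding; all function names are hypothetical.

```python
import base64, hashlib, hmac, os

def H(data): return hashlib.sha256(data).digest()        # assumption: H = SHA-256
def HMAC(key, msg): return hmac.new(key, msg, hashlib.sha256).digest()
def Hi(pw, salt, n): return hashlib.pbkdf2_hmac("sha256", pw, salt, n)
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def nonce(): return base64.b64encode(os.urandom(18)).decode()

def register(password, iterations=4096):
    """Build the server-side record: derived keys only, never the password."""
    salt = os.urandom(16)
    salted = Hi(password.encode(), salt, iterations)
    return {"iteration": iterations, "salt": salt,
            "storedkey": H(HMAC(salted, b"Client Key")),
            "serverkey": HMAC(salted, b"Server Key")}

def client_proof(password, salt, iterations, authmessage):
    """Client side: returns (c_clientproof, c_saltedpassword)."""
    salted = Hi(password.encode(), salt, iterations)
    clientkey = HMAC(salted, b"Client Key")
    signature = HMAC(H(clientkey), authmessage)
    return xor(clientkey, signature), salted

def server_verify(record, proof, authmessage):
    """Server side: returns s_serversignature, or None if the proof is bad."""
    signature = HMAC(record["storedkey"], authmessage)
    clientkey = xor(proof, signature)           # recovers c_clientkey only if proof is valid
    if not hmac.compare_digest(H(clientkey), record["storedkey"]):
        return None
    return HMAC(record["serverkey"], authmessage)

def client_verify_server(salted, authmessage, server_signature):
    """Client side: checks that the server also knows a key derived from the password."""
    expected = HMAC(HMAC(salted, b"Server Key"), authmessage)
    return hmac.compare_digest(expected, server_signature)

def run_exchange(record, user, password):
    """Run all four messages in-process; True only if both sides authenticate."""
    c_random = nonce()
    client_first = f"{user},{c_random}"
    s_random = c_random + nonce()               # server extends the client nonce
    salt_b64 = base64.b64encode(record["salt"]).decode()
    server_first = f"{record['iteration']},{salt_b64},{s_random}"
    authmessage = ",".join([client_first, server_first, s_random]).encode()
    proof, salted = client_proof(password, record["salt"],
                                 record["iteration"], authmessage)
    server_sig = server_verify(record, proof, authmessage)
    return server_sig is not None and client_verify_server(salted, authmessage, server_sig)
```

Both comparisons use hmac.compare_digest so that the check does not leak timing information, and because the proof is bound to the nonces in the auth message, a captured proof fails verification in any later session.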
Benefits
Protection against information leakage because the server stores a hash.
Protection against man-in-the-middle (MITM) attacks because the password is never transmitted.
Acknowledgment
K