On Thu, Oct 18, 2012 at 9:03 PM, James A. Donald <[email protected]> wrote: > On 2012-10-19 10:52 AM, Jeffrey Walton wrote: >> >> Hi All, >> >> I have a Secure Remote Password (SRP) implementation that went through >> a pen test. The testers provided a critical finding - the email >> address was sent in the plaintext. Noe that plaintext email addresses >> are part of the protocol. >> >> I'm not really convinced that using an email address in the plaintext >> for the SRP protocol is finding-worthy, considering email addresses >> are public information. And I'm very skeptical that its a critical >> finding. >> >> With that said, what are the options here? I was thinking a simple >> mask function, which would remove the "plaintext-ness" (but not add >> any security to the system). Heuristically, masking the email address >> is *not* less secure than sending the email in the plaintext. >> >> Any ideas? >> > Please describe protocol With lots of hand waiving, SRP is a PAKE that utilizes Diffie-Hellman. Rather than g^ab, SRP uses g^password, plus random values from client and server for each instance of the protocol. On the server, the server stores a {email, salt, Hash(password)} tuple - it looks a lot like a Unix password file.
The IETF specifications are available at http://www.ietf.org/rfc/rfc2945.txt (SRP-3) and http://tools.ietf.org/rfc/rfc5054.txt (SRP-6). SRP-3 is similar to Thomas Wu's original specification while at Stanford. SRP-6 is hammering SRP into the SSL/TLS hole. > I conjecture that it works as username and password, and the email addresses > are the username. If so, why not make a one way hash of the email address > the username, rather than the plaintext email address? Yes, your intuition is correct. Jeff _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
