Is there a way to use GMP libraries in node.js to credentials with SRP6

✔ Recommended Answer

I found the answer to my question a while ago. This can be done in Node.js using the Buffer and the following libs bigint-buffer, big-integer as I did it below.

const bigintBuffer = require(`bigint-buffer`)const BigInteger = require(`big-integer`)const crypto = require(`crypto`)/** * * @param {Buffer} salt * @param {string} identity * @param {string} password * @return {Buffer} */function computeVerifier (salt, identity, password) {    const hashIP = crypto.createHash(`sha1`)        .update(identity + `:` + password)        .digest()    const hashX = crypto.createHash(`sha1`)        .update(salt)        .update(hashIP)        .digest()    const x = bigintBuffer.toBigIntLE(hashX)    const g = BigInt(`0x7`)    const N = BigInt(`0x894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7`)    const verifier = BigInteger(g).modPow(x, N)    const lEVerifier = verifier.value.toString(16).match(/.{2}/g).reverse().join(``)    return Buffer.from(lEVerifier, `hex`)}// Testcrypto.randomBytes(32, (err, buf) => {    if (err) throw err;    computeVerifier(buf, `foo`, `bar`);});

If you want to use directly a library I created one which works for TrinityCore and AzerothCore: https://www.npmjs.com/package/trinitycore-srp6

Source: stackoverflow.com

Answered By: miorey

Method #2

Yes, it is possible to use the GMP library in Node.js to implement Secure Remote Password (SRP) protocol version 6 for authentication. The GMP library is a popular open-source library that provides high-precision arithmetic operations for integers, rational numbers, and floating-point numbers.

To use the GMP library in Node.js, you can install the "gmp" npm package, which is a Node.js binding for the GMP library. Once you have installed the package, you can use the functions provided by the GMP library to perform the necessary arithmetic operations required for SRP6 authentication.

Here is a high-level overview of the steps required to implement SRP6 using the GMP library in Node.js:

  1. Generate a large prime number (p) and a generator (g) for the group used in the SRP6 protocol. You can use the GMP library to generate these values.

  2. Generate a random salt value (s) for the user's password. You can use Node.js crypto library to generate a random salt value.

  3. Compute the user's verifier (v) using the user's salt value and password. You can use the GMP library to perform the necessary arithmetic operations to compute v.

  4. Generate a random private key (a) for the user and compute the corresponding public key (A) using the generator (g) and prime number (p). You can use the GMP library to perform these operations.

  5. Exchange the public keys (A and B) between the client and server.

  6. Compute the session key (K) using the client's private key (a), the server's public key (B), the prime number (p), and the generator (g). You can use the GMP library to perform these operations.

  7. Use the session key (K) to authenticate the user.

Overall, implementing SRP6 with the GMP library in Node.js requires a good understanding of the SRP6 protocol and the GMP library's arithmetic operations. You can find more detailed information and examples on the official documentation of the GMP library and the SRP6 protocol.

Comments

Post a Comment

Most Popular

PhpStorm, return value is expected to be 'A', 'object' returned

Image
✔ Recommended Answer Has to be because object can be ANY class instance, even B etc. You can annotate the create() method with generics PHPDoc to tell that the return type will be the same as the input parameter class string. It gives more context info to the IDE. /** * @template T * * @param string $class * @return T */ private function create(string $class) : object { return new $class(); } P.S. Instead of create('B'); better use create(B::class) . This way the IDE can track the usages of that class for refactoring/search purposes etc. Source: stackoverflow.com Answered By: LazyOne Method #2 This error message suggests that your code is expecting a value of type 'A' to be returned, but instead, the code is returning an object. This error can occur in PhpStorm, or any other PHP development environment. To resolve this error, you should check the function or method that is returning the object and ensure that it is returning
Read more

Remove Unicode Zero Width Space PHP

✔ Recommended Answer This: $newBody = str_replace("​", "", $newBody); presumes the text is HTML entity encoded. This: $newBody = str_replace("\xE2\x80\x8C", "", $newBody); should work if the offending characters are not encoded, but matches the wrong character (0xe2808c). To match the same character as #8203; you need 0xe2808b: $newBody = str_replace("\xE2\x80\x8B", "", $newBody); Source: stackoverflow.com Answered By: Jef Method #2 To remove Unicode zero width space (ZWSP) from a string in PHP, you can use the str_replace() function to replace the ZWSP character with an empty string. Here's an example: php $str = "Hello​ World" ; // Contains ZWSP after "Hello" // Replace ZWSP with an empty string $str = str_replace ( "\u{200B}" , "" , $str ); echo $str ; // Outputs "Hello World" without ZWSP In this example, the str_replace() functi
Read more

Laravel file upload returns forbidden 403, file permission is 700 not 755

✔ Recommended Answer The issue you are facing could be due to incorrect file permissions for the storage folder. Here are some steps to fix the problem: SSH into your cPanel server. Change the permission of the storage folder to 755: chmod -R 755 storage/ This command will change the permission of the storage folder and all its contents to 755, which should give the web server permission to read and write to the folder. Check the ownership of the storage folder. Ensure that the owner of the folder is the same as the user running the web server (typically www-data on Apache): ls -l This command will list the files and folders in the current directory along with their ownership and permission details. Make sure that the owner of the storage folder is the same as the user running the web server. If the ownership is incorrect, you can change it using the following command: chown -R www-data:www-data storage/ This command will change the ownership of the storage folder and all its conten
Read more