SRP - Secure Remote Password Protocol (SRP-6a).
SRP is a password-authenticated key exchange (PAKE) protocol that allows a client to authenticate to a server using a password, without the server ever seeing the password. The server stores a “verifier” instead of the actual password.
§Features
- Server never sees the password
- Protection against offline dictionary attacks
- Mutual authentication
- Perfect forward secrecy
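The SRP-6a arithmetic behind these properties, as an added sketch that is not chie_crypto's code: the server holds only the verifier `v`, both sides derive the same key, and each side rejects a peer public value that is 0 mod N. Assumptions: a toy 61-bit prime group, `DefaultHasher` standing in for the protocol hash, fixed constructed ephemeral secrets, and hypothetical function names.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

// Toy group (constructed): 2^61 - 1 is prime but far too small for real SRP.
const N: u128 = (1 << 61) - 1;
const G: u128 = 7;
// Stand-in for SRP's hash H(); DefaultHasher is NOT a cryptographic hash.
fn h(parts: &[&[u8]]) -> u128 {
    let mut s = DefaultHasher::new();
    for p in parts { p.hash(&mut s); }
    s.finish() as u128 % N
}
fn modpow(mut b: u128, mut e: u128) -> u128 {
    let mut r = 1;
    while e > 0 {
        if e & 1 == 1 { r = r * b % N; }
        b = b * b % N;
        e >>= 1;
    }
    r
}
fn mult_k() -> u128 { h(&[&N.to_be_bytes(), &G.to_be_bytes()]) } // k = H(N, g)
fn scramble(a_pub: u128, b_pub: u128) -> u128 { // u = H(A, B)
    h(&[&a_pub.to_be_bytes(), &b_pub.to_be_bytes()])
}
fn secret_x(salt: &[u8], user: &[u8], pass: &[u8]) -> u128 { h(&[salt, user, b":", pass]) }
// Registration: the server stores (salt, v) and never the password.
fn verifier(salt: &[u8], user: &[u8], pass: &[u8]) -> u128 { modpow(G, secret_x(salt, user, pass)) }
fn client_public(a: u128) -> u128 { modpow(G, a) } // A = g^a
fn server_public(v: u128, b: u128) -> u128 { (mult_k() * v + modpow(G, b)) % N } // B = k*v + g^b
fn client_key(salt: &[u8], user: &[u8], pass: &[u8], a: u128, b_pub: u128) -> Result<u128, &'static str> {
    if b_pub % N == 0 { return Err("invalid server public value"); } // reject B = 0 mod N
    let (x, u) = (secret_x(salt, user, pass), scramble(client_public(a), b_pub));
    if u == 0 { return Err("invalid scrambling parameter"); }
    let base = (b_pub % N + N - mult_k() * modpow(G, x) % N) % N; // B - k*g^x = g^b
    Ok(h(&[&modpow(base, a + u * x).to_be_bytes()])) // K = H(S), S = base^(a + u*x)
}
fn server_key(v: u128, b: u128, a_pub: u128) -> Result<u128, &'static str> {
    // A = 0 mod N would force S = 0 whatever the password is, so abort.
    if a_pub % N == 0 { return Err("invalid client public value"); }
    let u = scramble(a_pub, server_public(v, b));
    if u == 0 { return Err("invalid scrambling parameter"); }
    Ok(h(&[&modpow(a_pub % N * modpow(v, u) % N, b).to_be_bytes()])) // S = (A*v^u)^b
}
fn main() {
    let v = verifier(b"salt", b"alice", b"secure-password");
    let (a, b) = (0x1234_5678_9abc, 0x0fed_cba9_8765); // constructed; real code uses a CSPRNG
    assert_eq!(client_key(b"salt", b"alice", b"secure-password", a, server_public(v, b)), server_key(v, b, client_public(a)));
}
```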
§Example
```rust
use chie_crypto::srp::{SrpClient, SrpServer, SrpVerifier};
// 1. Registration: Client creates verifier for server to store
let username = b"alice";
let password = b"secure-password";
let verifier = SrpVerifier::generate(username, password);
// Server stores: username, salt, and verifier (NOT the password!)
// 2. Authentication: Client initiates login
let (client, client_public) = SrpClient::new(username, password, verifier.salt());
// 3. Server responds with server public key
let (server, server_public) = SrpServer::new(username, &verifier);
// 4. Client computes session key
let client_key = client.compute_key(&server_public).unwrap();
// 5. Server computes session key
let server_key = server.compute_key(&client_public).unwrap();
// Keys match!
assert_eq!(client_key.as_bytes(), server_key.as_bytes());
```
Structs§
- SrpClient
- SRP client state.
- SrpPublicKey
- SRP public key (exchanged over network).
- SrpServer
- SRP server state.
- SrpSessionKey
- Session key derived from SRP.
- SrpVerifier
- SRP verifier stored by the server.
Enums§
- SrpError
- SRP error types.
Type Aliases§
- SrpResult
- SRP result type.