pysrp | Python implementation of the Secure Remote Password protocol | Authentication library

by cocagne | Python | Version: 1.0.19 | License: MIT

kandi X-RAY | pysrp Summary


pysrp is a Python library typically used in Security and Authentication applications. pysrp has no bugs, a build file is available, it has a permissive license, and it has low support. However, pysrp has 1 vulnerability. You can install it using 'pip install pysrp' or download it from GitHub or PyPI.

SRP is a cryptographically strong authentication protocol for password-based, mutual authentication over an insecure network connection. Unlike other common challenge-response authentication protocols, such as Kerberos and SSL, SRP does not rely on an external infrastructure of trusted key servers or certificate management. Instead, SRP server applications use verification keys derived from each user's password to determine the authenticity of a network connection.

SRP provides mutual authentication in that successful authentication requires both sides of the connection to have knowledge of the user's password. If the client side lacks the user's password or the server side lacks the proper verification key, the authentication will fail.

Unlike SSL, SRP does not directly encrypt all data flowing through the authenticated connection. However, successful authentication does result in a cryptographically strong shared key that can be used for symmetric-key encryption.

For a full description of the pysrp package and the SRP protocol, please refer to the [pysrp documentation].

Note: RFC5054 now provides the de-facto standard for the hashing algorithm used for interoperable SRP implementations. When using pysrp to interact with another SRP implementation, use the srp.rfc5054_enable() method to enable RFC5054 compatibility. Otherwise a pysrp-specific default implementation will be used.

            Support

              pysrp has a low active ecosystem.
              It has 105 star(s) with 40 fork(s). There are 8 watchers for this library.
              It had no major release in the last 6 months.
              There are 10 open issues and 13 have been closed. On average issues are closed in 355 days. There are 2 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of pysrp is 1.0.19

            Quality

              pysrp has 0 bugs and 0 code smells.

            Security

              pysrp has 1 vulnerability issue reported (0 critical, 1 high, 0 medium, 0 low).
              pysrp code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            License

              pysrp is licensed under the MIT License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            Reuse

              pysrp releases are not available. You will need to build from source code and install.
              Deployable package is available in PyPI.
              Build file is available. You can build the component from source.
              Installation instructions are not available. Examples and code snippets are available.
              pysrp saves you 444 person hours of effort in developing the same functionality from scratch.
              It has 1049 lines of code, 89 functions and 6 files.
              It has high code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi has reviewed pysrp and discovered the below as its top functions. This is intended to give you an instant insight into pysrp implemented functionality, and help decide if they suit your requirements.
            • Create a salt verification key
            • Convert bytes to a long integer
            • Generate a random number of bytes
            • Binary division
            • Number of bytes
            • Returns the constant value for the ng_type
            • Calculate and return the N - gram
            • Convert a binary number to a byte string
            • Generate X
            • Calculate the hash of a binary string
            • Calculate X
            • Convert an integer to bytes
            • Generate a hash of the given arguments
            • Compute the binary hash
            • Load a function from SSL
            • Generate a hexdigest hash of two strings
            • Compute the hash of the given hash
            • Return a random n bytes

            Community Discussions

            QUESTION

            implementing USER_SRP_AUTH with python boto3 for AWS Cognito
            Asked 2017-Sep-28 at 11:28

            Amazon provides iOS, Android, and Javascript Cognito SDKs that offer a high-level authenticate-user operation.

            For example, see Use Case 4 here:

            https://github.com/aws/amazon-cognito-identity-js

            However, if you are using python/boto3, all you get are a pair of primitives: cognito.initiate_auth and cognito.respond_to_auth_challenge.

            I am trying to use these primitives along with the pysrp lib to authenticate with the USER_SRP_AUTH flow, but what I have is not working.

            It always fails with "An error occurred (NotAuthorizedException) when calling the RespondToAuthChallenge operation: Incorrect username or password." (The username/password pair work fine with the JS SDK.)

            My suspicion is I'm constructing the challenge response wrong (step 3), and/or passing Cognito hex strings when it wants base64 or vice versa.

            Has anyone gotten this working? Anyone see what I'm doing wrong?

            I am trying to copy the behavior of the authenticateUser call found in the Javascript SDK:

            https://github.com/aws/amazon-cognito-identity-js/blob/master/src/CognitoUser.js#L138

            but I'm doing something wrong and can't figure out what.

            ...

            ANSWER

            Answered 2017-Jan-09 at 18:50

            Unfortunately it's a hard problem since you don't get any hints from the service with regards to the computations (it mainly says not authorized as you mentioned).

            We are working on improving the developer experience when users are trying to implement SRP on their own in languages where we don't have an SDK. Also, we are trying to add more SDKs.

            As daunting as it sounds, what I would suggest is to take the Javascript or the Android SDK, fix the inputs (SRP_A, SRP_B, TIMESTAMP) and add console.log statements at various points in the implementation to make sure your computations are similar. Then you would run these computations in your implementation and make sure you are getting the same. As you have suggested, the password claim signature needs to be passed as a base64 encoded string to the service so that might be one of the issues.

            Some of the issues I encountered while implementing this were related to BigInteger library differences (the way they do byte padding and transform negative numbers to byte arrays and inversely).

            Source https://stackoverflow.com/questions/41526205
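
The byte-padding and negative-number differences mentioned in the answer above can be reproduced offline. This is an added example, not code from the original post, from pysrp, or from any AWS SDK; it hashes one integer under three common byte encodings and lists which digests disagree. The sample integers and the 4-byte width are constructed for illustration (real SRP values are as wide as the group modulus).

```python
import hashlib

def unsigned_min(n: int) -> bytes:
    """Minimal unsigned big-endian bytes (no leading zero byte)."""
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")

def signed_twos_complement(n: int) -> bytes:
    """Minimal two's-complement big-endian bytes, the form Java's
    BigInteger.toByteArray() returns: a 0x00 byte is prepended when the
    top bit of a non-negative value is set."""
    magnitude_bits = (n if n >= 0 else ~n).bit_length()
    return n.to_bytes(magnitude_bits // 8 + 1, "big", signed=True)

def fixed_width(n: int, width: int) -> bytes:
    """Left-pad with zero bytes to a fixed width, as RFC 5054's PAD() does
    using the byte length of the modulus N."""
    return n.to_bytes(width, "big")

def truncated_rem(a: int, m: int) -> int:
    """Remainder that keeps the sign of the dividend (C, JavaScript %,
    Java BigInteger.remainder). Python's % returns a value in [0, m)."""
    r = abs(a) % m
    return -r if a < 0 else r

def digest_by_encoding(n: int, width: int) -> dict:
    """SHA-256 hex digest of the same integer under each byte encoding."""
    encodings = {
        "unsigned_min": unsigned_min(n),
        "signed": signed_twos_complement(n),
        "fixed_width": fixed_width(n, width),
    }
    return {k: hashlib.sha256(v).hexdigest() for k, v in encodings.items()}

def mismatches(n: int, width: int) -> list:
    """Encodings whose digest differs from the unsigned_min digest."""
    digests = digest_by_encoding(n, width)
    reference = digests["unsigned_min"]
    return [k for k, d in digests.items() if d != reference]

if __name__ == "__main__":
    # Constructed sample values: one with the top bit set, one short value.
    for value in (0x80C1D2E3, 0x0412AB):
        print(hex(value), "differs under:", mismatches(value, 4))
    # A negative intermediate before modular reduction.
    print("truncated:", truncated_rem(-5, 7), "floor mod:", -5 % 7)
```

Fixing the random inputs on both implementations, as the answer suggests, and comparing digests stage by stage narrows a mismatch to the first intermediate value whose encoding differs.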

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install pysrp

            You can install using 'pip install pysrp' or download it from GitHub, PyPI.
            You can use pysrp like any standard Python library. You will need to make sure that you have a development environment consisting of a Python distribution including header files, a compiler, pip, and git installed. Make sure that your pip, setuptools, and wheel are up to date. When using pip it is generally recommended to install packages in a virtual environment to avoid changes to the system.

            Support

            For new features, suggestions, and bugs, create an issue on GitHub. If you have questions, check and ask on the Stack Overflow community page.
            CLONE
          • HTTPS

            https://github.com/cocagne/pysrp.git

          • CLI

            gh repo clone cocagne/pysrp

          • sshUrl

            git@github.com:cocagne/pysrp.git
