Re-authentication using the session key generated by SRP.
- From: "calum" <calum.mitchell@xxxxxxxxx>
- Date: 6 Apr 2006 02:59:32 -0700
In a client/server application which requires the client to be
authenticated to the (login) server I'm using the SRP protocol to do
the authentication. During SRP a shared secret session key is generated
on the client and the login server.
In situations where the client is disconnected from the login server
and wants to reconnect/reauthenticate, or the client wishes to
disconnect from the login server and connect to another server I'm
hoping to use the session key to do a more lightweight form of
authentication (lightweight in terms of CPU cost and number of messages
exchanged).
Are there problems with the following scheme, and if there are, could you
point me in the direction of a better way of doing this?
After SRP the login server sends the client some value v (in my case
I'm thinking of using a timestamp) and the login server stores this
value v. If the client is disconnected from the login server, he
reconnects and sends a hash of the value using the session key H(v,sk).
The login server hashes the value it stored using the session key
H(v,sk) and if the values match authentication is successful and the
login server generates a new value and sends it to the client to be
used the next time.
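
The exchange described in the post, as an added example that is not part of the original message: the server stores v, the client returns H(v, sk), and v is replaced after each successful check. HMAC-SHA256 as H, the counter suffix on the timestamp, and the names `LoginServer`, `finish_srp` and `reauthenticate` are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time


def keyed_hash(sk: bytes, v: bytes) -> bytes:
    # H(v, sk) from the post; HMAC-SHA256 is an assumption made for this example.
    return hmac.new(sk, v, hashlib.sha256).digest()


class LoginServer:
    """Hypothetical server side: one stored (sk, v) pair per user."""

    def __init__(self):
        self.sessions = {}
        self.counter = 0

    def _new_value(self) -> bytes:
        # Timestamp as in the post; the counter suffix is added here so two
        # values issued within the same clock tick still differ.
        self.counter += 1
        return f"{time.time_ns()}-{self.counter}".encode()

    def finish_srp(self, user: str, sk: bytes) -> bytes:
        # Called once SRP has completed and both sides hold sk.
        v = self._new_value()
        self.sessions[user] = (sk, v)
        return v

    def reauthenticate(self, user: str, tag: bytes):
        # Returns the next value on success, None on failure.
        entry = self.sessions.get(user)
        if entry is None:
            return None
        sk, v = entry
        if not hmac.compare_digest(keyed_hash(sk, v), tag):
            return None
        next_v = self._new_value()  # v is single-use: replace it on success
        self.sessions[user] = (sk, next_v)
        return next_v


def demo():
    server = LoginServer()
    sk = os.urandom(32)  # constructed stand-in for the SRP session key
    v = server.finish_srp("alice", sk)
    tag = keyed_hash(sk, v)
    first = server.reauthenticate("alice", tag)   # accepted, new value issued
    replay = server.reauthenticate("alice", tag)  # same tag again: rejected
    return first is not None, replay is None
```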