{"id":24057778,"url":"https://github.com/esno/srp","last_synced_at":"2025-02-26T12:46:16.610Z","repository":{"id":142321243,"uuid":"425916781","full_name":"esno/srp","owner":"esno","description":"lua secure remote password protocol for WoW emulation","archived":false,"fork":false,"pushed_at":"2023-06-13T17:26:08.000Z","size":42,"stargazers_count":1,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-09T05:51:18.736Z","etag":null,"topics":["authentication","lua","srp","wow"],"latest_commit_sha":null,"homepage":"","language":"Lua","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/esno.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["esno"],"ko_fi":"crito"}},"created_at":"2021-11-08T16:42:34.000Z","updated_at":"2022-12-18T16:41:19.000Z","dependencies_parsed_at":null,"dependency_job_id":"4e25f434-be1a-49a4-ac49-5e6c20e89a91","html_url":"https://github.com/esno/srp","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/esno%2Fsrp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/esno%2Fsrp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/esno%2Fsrp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/esno%2Fsrp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/esno","download_url":"https://codeload.github.com/esno/srp/tar.gz/r
efs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240858573,"owners_count":19868998,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","lua","srp","wow"],"created_at":"2025-01-09T05:51:01.985Z","updated_at":"2025-02-26T12:46:16.564Z","avatar_url":"https://github.com/esno.png","language":"Lua","funding_links":["https://github.com/sponsors/esno","https://ko-fi.com/crito"],"categories":[],"sub_categories":[],"readme":"# SecureRemotePassword protocol for WoW\n \nSRP is a secure password-based authentication and key-exchange protocol.\nUsing SRP avoids sending the plaintext password unencrypted.\n[This lua module](https://github.com/esno/srp) implements the SRP authentication mechanism for WoW.\n\n## Authentication workflow\n\n    User                                     Host\n     |                                         |\n     |                                         |\n     |   authentication challenge request      | (I)\n     | --------------------------------------\u003e |\n     |                                         |\n     |   authentication challenge response     | (B, g, N, s)\n     | \u003c-------------------------------------- |\n     |                                         |\n     |   authentication logon proof request    | (A, M1)\n     | --------------------------------------\u003e |\n     |                                         |\n     |   authentication logon proof response   | (M2)\n     | \u003c-------------------------------------- |\n     |                                         
|\n\n\u003e The host MUST send B after receiving A from the client, never before.\n[RFC2945](https://datatracker.ietf.org/doc/html/rfc2945)\n\nThis is a deviation from the original SRP specification, where [RFC5054](https://datatracker.ietf.org/doc/html/rfc5054)\nrequires sending the host public ephemeral (B) in its server key exchange message.\n\nFurther information can be found [here](http://srp.stanford.edu/).\n\n### Parameters\n\n    | Parameter | Description                  |\n    | --------- | ---------------------------- |\n    | a         | Private user ephemeral       |\n    |           | 19 byte random number        |\n    | A         | Public user ephemeral        |\n    | b         | Private host ephemeral       |\n    |           | 19 byte random number        |\n    | B         | Public host ephemeral        |\n    | g         | Generator                    |\n    | I         | Identifier                   |\n    |           | The plaintext account name   |\n    | k         | multiplier                   |\n    | K         | The hashed secret key        |\n    | M1        | The first message proof      |\n    | M2        | The second message proof     |\n    | N         | A safe/large prime           |\n    | p         | sha1(USERNAME:PASSWORD)      |\n    |           | Deviates from RFC where p is |\n    |           | the raw password             |\n    | s         | A random salt                |\n    | S         | The session key              |\n    | u         | Random scrambling parameter  |\n    | v         | The password verifier        |\n    | x         | Private key                  |\n    |           | Derived from p and s         |\n\n### Calculate salt and verifier\n\nThe salt (s) is a random 32-byte number and the verifier (v)\nis calculated as:\n\n    v = g ^ x % N\n\nSince `N` is a large prime number, computing one may take a lot of time;\ntherefore most implementations use static values for `g` and 
`N`.\n\n[MaNGOS](https://getmangos.eu)-based emulators use these values:\n\n    N = 894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7\n    g = 7\n\nThese values could vary per account, since the client extracts them from\nthe initial authentication challenge response. Changing them afterwards\nwill break any already calculated password verifiers.\n\nThe value of `x` can be generated as the sha1 hash of the salt concatenated with\nthe sha1 hash of the string `USERNAME:PASSWORD`. The official clients convert\nall lowercase letters into their uppercase equivalents.\n\n## Build from source\n\nsrp works properly with Lua 5.3 or later.\n\n    $ sudo apt-get install build-essential cmake git libssl-dev\n    $ sudo apt-get install lua5.3 liblua5.3-dev\n\n    $ git clone https://github.com/esno/srp.git \u0026\u0026 cd srp\n    $ mkdir build \u0026\u0026 cd build\n    $ cmake .. \u0026\u0026 make\n    $ sudo make install\n\n### Uninstall\n\n`make install` generates the file `install_manifest.txt` in your build directory.\nThis can be used to delete all installed files.\n\n    $ xargs rm \u003c install_manifest.txt\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fesno%2Fsrp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fesno%2Fsrp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fesno%2Fsrp/lists"}