Feature request: Methods to validate salt/verifier on sign up

Question

Feature request: Methods to validate salt/verifier on sign up

alexrp opened this issue 5 years ago · comments

Alex Rønne Petersen commented 5 years ago

Right now, I have code looking like the following when processing sign-ups on the server:

string salt = ..., verifier = ...;

var param = SrpParameters.Create8192<SHA512>();
var valid = salt.Length == param.HashSizeBytes * 2 && verifier.Length == param.PaddedLength;

try
{
    _ = new SrpInteger(salt);
    _ = new SrpInteger(verifier);
}
catch (Exception)
{
    valid = false;
}

if (valid)
{
    // Save to DB...
}

It would be convenient if the library exposed methods to do this kind of validation.

Alexey Yakovlev · Answer 1 · Wed Jan 22 2020 13:55:11 GMT+0800 (China Standard Time)

Hello @alexrp,

What's the proposed API?
Something like this?

srpParameters.IsValidSalt(salt);
srpParameters.IsValidVerifier(verifier);

Alex Rønne Petersen · Answer 2 · Wed Jan 22 2020 13:58:14 GMT+0800 (China Standard Time)

That looks reasonable.

Alexey Yakovlev · Answer 3 · Thu Jan 23 2020 17:06:03 GMT+0800 (China Standard Time)

Here you are: https://www.nuget.org/packages/srp/1.0.5

if (param.IsValidSalt(salt) && param.IsValidVerifier(verifier))
{
    // Save to DB...
}