Protocol implementation fails at random
Opened this issue · 3 comments
Hi
I have implemented your protocol implementation in my new product at:
My problem is that the srp6a protocol fail from time to time (about 1 in 10)
Also your demo code at:
https://pcrypt.org/dev/rod/srp6a/register.php
Fail some times (about the same rate)
srpm value is different for client and server.
I have tried to trace down where the problem is located and think it is on the PHP server side as different browsers do not seam to make any change, but finding the real problem seam to be very difficult - for me at least :-)
Do you have any hint about where the problem may be located?
BTW: both sites have hard coded login information!
Thank you
Benny
Hey @beastybeast I wasn't touching this code for a long time, I'll try to check If I'll be able to find something :) There was a problem fixed in #2 by @simbo1905, maybe he can suggest something also.
Intermittent errors between client and server code could be how leading zeros are handled converting between hash hex strings and big decimal numbers. The thinbus-srp JS lib fixed a few such issues. It has a PHP demo which is a fork of this codebase so you may want to switch to that as it is actively supported and the JS lib is used by at least one large online retail store https://bitbucket.org/simon_massey/thinbus-php/overview
I have downloaded the latest version and it is still the same error randomly.
Maybe a bit less but too small a sample to really judge.