the cryptopals crypto challenges

Offline dictionary attack on simplified SRP

S 
x = SHA256(salt|password)
    v = g**x % n
C->S 
I, A = g**a % n
S->C 
salt, B = g**b % n, u = 128 bit random number
C 
x = SHA256(salt|password)
    S = B**(a + ux) % n
    K = SHA256(S)
S 
S = (A * v ** u)**b % n
    K = SHA256(S)
C->S
Send HMAC-SHA256(K, salt)
S->C
Send "OK" if HMAC-SHA256(K, salt) validates

Note that in this protocol, the server's "B" parameter doesn't depend on the password (it's just a Diffie Hellman public key).

Make sure the protocol works given a valid password.

Now, run the protocol as a MITM attacker: pose as the server and use arbitrary values for b, B, u, and salt.

Crack the password from A's HMAC-SHA256(K, salt).

Cryptography Services | NCC Group