iSCSI: SRP s vs. S

[Black_David@emc.com]

> > > 10.4 SRP: N,g,s,A,B,M and H(A | M | K) are binary-values
> > > 10.5 CHAP: C and R are binary-values
> > 
> > The only ones of these that should routinely fit in 64 bits are SRP's
> > g (usually a small integer, even though it's mathematically a member of
> > a very large binary field - I think Paul Koning missed the fact that
> > generators tend to be single-digit numbers) and s (doesn't need to be
> > a large number to get the job done). 
> 
> You're right about g.  As for S, it's the result of an exponentiation
> modulo N, so it's no more likely to be a small integer than the other
> SRP intermediate values.  Note that values supplied by the other end
> are involved (as in conventional D-H) so you don't have the ability to
> constrain your implementation to produce small S values.

Paul - please recheck RFC 2945, as you may have confused s (lower case)
with S (upper case).  s (lower case) is the <salt from passwd file> and
is what goes across the wire.  S (upper case) is an intermediate in the
SRP computations that should be identical on both sides, but is *not*
sent across the wire (good thing too, as the session key(s) can easily
be determined from knowledge of it).  s (lower case) need not be a big
number to get the job done, and would be ok to send in decimal, although
my first reaction to "salt from passwd file" would be to use hex.

Thanks,
--David
---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 249-6449            FAX: +1 (508) 497-8018
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------