Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

PARASITE - Password Recovery Attack Against SRP Implementations in the Wild

TheIACR via YouTube

Start learning Write review
CodeSignal Ad

Learn Generative AI, Prompt Engineering, and LLMs for Free

Learn More → Babbel Ad

You’re only 3 weeks away from a new language

Learn More →

Overview

Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off
One annual plan covers every course and certificate on Coursera. 40% off for a limited time.
Get Full Access
Explore a comprehensive analysis of Password Recovery Attacks against SRP Implementations in the Wild in this 29-minute conference talk from the Workshop on Attacks in Cryptography 2021. Delve into the intricacies of Password-Authenticated Key Exchange (PAKE) protocols, focusing on the Secure Remote Password (SRP) protocol. Examine the FLUSH+RELOAD technique, modular exponentiation in OpenSSL, and optimized square-and-multiply algorithms. Understand the attacker model, classical workflow, trace acquisition, and interpretation methods. Discover the impact on various projects and programming languages, and learn about potential mitigations and the patching process for enhanced security.

Syllabus

Intro
A Few Words About PAKES
Why Looking at PAKES?
What about SRP?
SRP Protocol Overview
Contributions
FLUSH+RELOAD
Our Main Result
Modular exponentiation in OpenSSL
Optimized Square-and-Multiply
Attacker Model
Classical Workflow
Trace Acquisition
Trace Interpretation
Dictionary Attack
Single Measurement Attack
Impacted Projects
Impacted Languages
Mitigations
Patching process
Conclusion

Taught by

TheIACR

Reviews

Start your review of PARASITE - Password Recovery Attack Against SRP Implementations in the Wild

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.