code hacking, zen coding

Sample gdlog job file for Battle.net SRP

[Update 12 Aug: I tuned the spStep parameters to generate more relations. Otherwise solving may fail for some targets.]

See RFC 2945 for details on SRP and this reference for Blizzard’s specific implementation.

g is the well-known generator, 47

p is the well-known modulus N: 112624315653284427036559548610503669920632123929604336254260115573677366691719

q = (p-1)/2

t (target) is your verifier v, such that v = g^x % N

gdlog will give you back a 160-bit x, the salted SHA1 of the username and password, such that x = SHA1(s, SHA1(C, “:”, P))

Our gdlog job file is like this:

p: 112624315653284427036559548610503669920632123929604336254260115573677366691719
q: 56312157826642213518279774305251834960316061964802168127130057786838683345859
job:srp
sieveType:page

f0:[ -23817613149476351568408250 7348740330559081441686124 5493570054426813646951125 ]
f1:[ 98 -9 -98 1 ]
m: 3430716947829154018307671961632018816844127594664356203325504368794740097415
skew: 1
# Alpha(f0)=-1.13722 Alpha(f1)=-0.0396682
# E(f0)=0.00028881 E(f1)=1000
# I(f0, S)=58.2395 I(f1, S)=3.99381
# Pair rating =0.00028881
b0:135090
b1:270181
lpb0:337725
lpb1:675452
lpf2exp0: 37
lpf2exp1:39
err_log0:36
err_log1:38
sp0:135090
sp1:202635
spi:0
spStep:100000
lc0Fact:[3 5 5 5 7 11 190253508378417788639]
p1Fact:[2 56312157826642213518279774305251834960316061964802168127130057786838683345859]
t:35873932978976964289906001423519899977549558494468550338642058985871400867383
g:47

Example:

Generate SRP handshake:

g= 47
N= 112624315653284427036559548610503669920632123929604336254260115573677366691719
x= 1424247726466781758056184792317997759091651621231
username:breith
password: ouille
salt: 0x101010101010101010101010101010101010101010101010101010101010101L
v: 0x2847f9a6e5ece61e8c97edd6e0e8d527d0c59991c4f69dcae63aae948b629cd1L

gdlog gives back, after 2 hours on a quad-core i5, for this v:

Logarithm of the 18219683119335387768214778163247823001174424798682531185510722886446717508817 to the 47 is 1424247726466781758056184792317997759091651621231

1424247726466781758056184792317997759091651621231 is indeed our x
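
An added check, not part of the original post or of gdlog: it audits the SRP group used above against a minimum modulus size and confirms a recovered x against a verifier with a single modular exponentiation. The 2048-bit floor (MIN_BITS) and the function names are assumptions of this example; N, g, x and v are the values from the page.

```python
import random

# Values copied from the page: modulus N, generator g, recovered x, verifier v.
N_PAGE = 112624315653284427036559548610503669920632123929604336254260115573677366691719
G_PAGE = 47
X_PAGE = 1424247726466781758056184792317997759091651621231
V_PAGE = 0x2847f9a6e5ece61e8c97edd6e0e8d527d0c59991c4f69dcae63aae948b629cd1
MIN_BITS = 2048  # assumed policy floor for this example, not a value from the page

def is_probable_prime(n, rounds=32):
    """Miller-Rabin test; the fixed seed only makes runs reproducible."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    rng = random.Random(0)
    for _ in range(rounds):
        y = pow(rng.randrange(2, n - 1), d, n)
        if y in (1, n - 1):
            continue
        for _ in range(s - 1):
            y = pow(y, 2, n)
            if y == n - 1:
                break
        else:
            return False  # witness found: n is composite
    return True

def audit_group(N, g, min_bits=MIN_BITS):
    """Report the group properties that bound the cost of inverting v = g^x % N."""
    q = (N - 1) // 2
    return {
        "bits": N.bit_length(),
        "safe_prime": is_probable_prime(N) and is_probable_prime(q),
        "generator_in_range": 1 < g < N - 1,
        "meets_floor": N.bit_length() >= min_bits,
    }

def verifies(g, x, N, v):
    """True when x is a discrete log of verifier v to base g modulo N."""
    return pow(g, x, N) == v

if __name__ == "__main__":
    print(audit_group(N_PAGE, G_PAGE))
    print("x matches v:", verifies(G_PAGE, X_PAGE, N_PAGE, V_PAGE))
```

A group that fails meets_floor, as this 256-bit one does, leaves every stored verifier open to the offline recovery shown above, no matter how strong the password is.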
