|
|
| Line 1: |
Line 1: |
| {{more footnotes|date=January 2013}}
| | It is very common to have a dental emergency -- a fractured tooth, an abscess, or severe pain when chewing. Over-the-counter pain medication is just masking the problem. Seeing an emergency dentist is critical to getting the source of the problem diagnosed and corrected as soon as possible.<br><br><br><br>Here are some common dental emergencies:<br>Toothache: The most common dental emergency. This generally means a badly decayed tooth. As the pain affects the tooth's nerve, treatment involves gently removing any debris lodged in the cavity being careful not to poke deep as this will cause severe pain if the nerve is touched. Next rinse vigorously with warm water. Then soak a small piece of cotton in oil of cloves and insert it in the cavity. This will give temporary relief until a dentist can be reached.<br><br>At times the pain may have a more obscure location such as decay under an old filling. As this can be only corrected by a dentist there are two things you can do to help the pain. Administer a pain pill (aspirin or some other analgesic) internally or dissolve a tablet in a half glass (4 oz) of warm water holding it in the mouth for several minutes before spitting it out. DO NOT PLACE A WHOLE TABLET OR ANY PART OF IT IN THE TOOTH OR AGAINST THE SOFT GUM TISSUE AS IT WILL RESULT IN A NASTY BURN.<br><br>Swollen Jaw: This may be caused by several conditions the most probable being an abscessed tooth. In any case the treatment should be to reduce pain and swelling. An ice pack held on the outside of the jaw, (ten minutes on and ten minutes off) will take care of both. If this does not control the pain, an analgesic tablet can be given every four hours.<br><br>Other Oral Injuries: Broken teeth, cut lips, bitten tongue or lips if severe means a trip to a dentist as soon as possible. In the mean time rinse the mouth with warm water and place cold compression the face opposite the injury. If there is a lot of bleeding, apply direct pressure to the bleeding area. If bleeding does not stop get patient to the emergency room of a hospital as stitches may be necessary.<br><br>Prolonged Bleeding Following Extraction: Place a gauze pad or better still a moistened tea bag over the socket and have the patient bite down gently on it for 30 to 45 minutes. The tannic acid in the tea seeps into the tissues and often helps stop the bleeding. If bleeding continues after two hours, call the dentist or take patient to the emergency room of the nearest hospital.<br><br>Broken Jaw: If you suspect the patient's jaw is broken, bring the upper and lower teeth together. Put a necktie, handkerchief or towel under the chin, tying it over the head to immobilize the jaw until you can get the patient to a dentist or the emergency room of a hospital.<br><br>Painful Erupting Tooth: In young children teething pain can come from a loose baby tooth or from an erupting permanent tooth. Some relief can be given by crushing a little ice and wrapping it in gauze or a clean piece of cloth and putting it directly on the tooth or gum tissue where it hurts. The numbing effect of the cold, along with an appropriate dose of aspirin, usually provides temporary relief.<br><br>In young adults, an erupting 3rd molar (Wisdom tooth), especially if it is impacted, can cause the jaw to swell and be quite painful. Often the gum around the tooth will show signs of infection. Temporary relief can be had by giving aspirin or some other painkiller and by dissolving an aspirin in half a glass of warm water and holding this solution in the mouth over the sore gum. AGAIN DO NOT PLACE A TABLET DIRECTLY OVER THE GUM OR CHEEK OR USE THE ASPIRIN SOLUTION ANY STRONGER THAN RECOMMENDED TO PREVENT BURNING THE TISSUE. The swelling of the jaw can be reduced by using an ice pack on the outside of the face at intervals of ten minutes on and ten minutes off.<br><br>If you enjoyed this article and you would certainly such as to receive more details concerning [http://www.youtube.com/watch?v=90z1mmiwNS8 dentist DC] kindly see our page. |
| The '''Secure Remote Password protocol''' ('''SRP''') is an augmented [[password-authenticated key agreement]] (PAKE) protocol, specifically designed to work around existing patents.<ref>{{cite web
| |
| | url = http://srp.stanford.edu/whatisit.html
| |
| | title = What is SRP?
| |
| | publisher= [[Stanford University]]
| |
| }}</ref>
| |
| | |
| Like all augmented PAKE protocols, an eavesdropper or man in the middle cannot obtain enough information to be able to brute force guess a password without further interactions with the parties for each guess. This means that strong security can be obtained using weak passwords. Furthermore the server does not store password-equivalent data. This means that an attacker who steals the server data cannot masquerade as the client unless they first perform a brute force search for the password.
| |
| | |
| == Overview ==
| |
| | |
| The SRP protocol has a number of desirable properties: it allows a user to authenticate themselves to a server, it is resistant to [[dictionary attack]]s mounted by an eavesdropper, and it does not require a [[trusted third party]]. It effectively conveys a [[zero-knowledge password proof]] from the user to the server. In revision 6 of the protocol only one password can be guessed per connection attempt. One of the interesting properties of the protocol is that even if one or two of the cryptographic primitives it uses are attacked, it is still secure. The SRP protocol has been revised several times, and is currently at revision 6a.
| |
| | |
| The SRP protocol creates a large private key shared between the two parties in a manner similar to [[Diffie–Hellman key exchange]], then verifies to both parties that the two keys are identical and that both sides have the user's password. In cases where encrypted communications as well as authentication are required, the SRP protocol is more secure than the alternative [[Secure Shell|SSH]] protocol and faster than using Diffie–Hellman key exchange with signed messages. It is also independent of third parties, unlike [[Kerberos (protocol)|Kerberos]]. The SRP protocol, version 3 is described in RFC 2945. SRP version 6 is also used for strong password authentication in [[Transport Layer Security|SSL/TLS]]<ref>{{cite web
| |
| | url = http://tools.ietf.org/html/rfc5054
| |
| | title = Using the Secure Remote Password (SRP) Protocol for TLS Authentication
| |
| | first = David | last = Taylor | coauthors = Tom Wu; Nikos Mavrogiannopoulos; Trevor Perrin
| |
| |date=November 2007
| |
| }} RFC 5054</ref> (in [[TLS-SRP]]) and other standards such as [[Extensible Authentication Protocol|EAP]]<ref>{{cite web
| |
| | title = EAP SRP-SHA1 Authentication Protocol
| |
| | url = http://tools.ietf.org/html/draft-ietf-pppext-eap-srp-03
| |
| | first = James | last = Carlson | coauthors = Bernard Aboba; Henry Haverinen
| |
| |date=July 2001 | publisher = IETF
| |
| }} Draft.</ref> and [[Security Assertion Markup Language|SAML]], and is being standardized in [[IEEE P1363]] and ISO/IEC 11770-4.
| |
| | |
| == Protocol ==
| |
| The following notation is used in this description of the protocol, version 6:
| |
| | |
| * ''q'' and ''N'' = 2''q'' + 1 are chosen such that both are prime (which makes ''q'' a [[Sophie Germain prime]] and ''N'' a [[safe prime]]). ''N'' must be large enough so that computing discrete logarithms modulo ''N'' is infeasible.
| |
| * All arithmetic is performed in the ring of integers modulo ''N'', <math>\scriptstyle \mathbb{Z}_N</math>.
| |
| * ''g'' is a [[Multiplicative group of integers modulo n#Generators|generator of the multiplicative group]].
| |
| * ''H''() is a [[Cryptographic hash function|hash]] function; e.g., SHA-256.
| |
| * ''k'' is a parameter derived by both sides; for example, ''k'' = ''H''(''N'', ''g''). This creates an asymmetry between the client and server sides of the protocol, meaning a man-in-the-middle attacker only gets 1 verification attempt per impersonation, rather than 2.
| |
| * ''s'' is a small [[salt (cryptography)|salt]].
| |
| * ''I'' is an identifying username.
| |
| * ''p'' is the user's password.
| |
| * ''v'' is the host's password verifier, ''v'' = ''g''<sup>x</sup>, ''x'' = ''H''(''s'', ''p''). Usage of [[key derivation function]]s like [[PBKDF2]] instead of simple hash functions for password hashing is highly recommended, taking into account that they only have to be computed on the client.
| |
| * ''a'' and ''b'' are random.
| |
| * | denotes concatenation.
| |
| | |
| All other variables are defined in terms of these.
| |
| | |
| First, to establish a password ''p'' with Steve, Carol picks a small random salt ''s'', and computes ''x'' = ''H''(''s'', ''p''), ''v'' = ''g''<sup>x</sup>. Steve stores ''v'' and ''s'', indexed by ''I'', as Carol's password verifier and salt. ''x'' is discarded because it is equivalent to the plaintext password ''p''. This step is completed before the system is used.
| |
| | |
| # Carol → Steve: ''I'' and ''A'' = ''g''<sup>a</sup>
| |
| # Steve → Carol: ''s'' and ''B'' = ''kv'' + ''g''<sup>b</sup>
| |
| # Both: ''u'' = ''H''(''A'', ''B'')
| |
| # Carol: ''S''<sub>Carol</sub> = (''B'' − ''kg''<sup>x</sup>)<sup>(a + ux)</sup> = (''kv'' + ''g''<sup>b</sup> − ''kg''<sup>x</sup>)<sup>(a + ux)</sup> = (''kg''<sup>x</sup> − ''kg''<sup>x</sup> + ''g''<sup>b</sup>)<sup>(a + ux)</sup> = (''g''<sup>b</sup>)<sup>(a + ux)</sup>
| |
| # Carol: ''K''<sub>Carol</sub> = ''H''(''S''<sub>Carol</sub>)
| |
| # Steve: ''S''<sub>Steve</sub> = (''Av''<sup>u</sup>)<sup>b</sup> = (''g''<sup>a</sup>''v''<sup>u</sup>)<sup>b</sup> = [''g''<sup>a</sup>(''g''<sup>x</sup>)<sup>u</sup>]<sup>b</sup> = (''g''<sup>a + ux</sup>)<sup>b</sup> = (''g''<sup>b</sup>)<sup>(a + ux)</sup>
| |
| # Steve: ''K''<sub>Steve</sub> = ''H''(''S''<sub>Steve</sub>) = ''K''<sub>Carol</sub>
| |
| | |
| Now the two parties have a shared, strong session key ''K''. To complete authentication, they need to prove to each other that their keys match. One possible way is as follows:
| |
| | |
| # Carol → Steve: ''M''<sub>1</sub> = ''H''[''H''(''N'') XOR ''H''(''g'') | ''H''(''I'') | ''s'' | ''A'' | ''B'' | ''K''<sub>Carol</sub>]. Steve verifies ''M''<sub>1</sub>.
| |
| # Steve → Carol: ''M''<sub>2</sub> = ''H''(''A'' | ''M''<sub>1</sub> | ''K''<sub>Steve</sub>). Carol verifies ''M''<sub>2</sub>.
| |
| | |
| This method requires guessing more of the shared state to be successful in impersonation than just the key. While most of the additional state is public, private information could safely be added to the inputs to the hash function, like the server private key. The two parties also employ the following safeguards:
| |
| | |
| # Carol will abort if she receives ''B'' == ''0'' (mod ''N'') or ''u'' == ''0''.
| |
| # Steve will abort if he receives ''A'' (mod ''N'') == 0.
| |
| # Carol must show her proof of ''K'' first. If Steve detects that Carol's proof is incorrect, he must abort without showing his own proof of ''K''.
| |
| | |
| === Implementation example in Python ===
| |
| <source lang="python"> | |
| # An example SRP-6a authentication
| |
| # WARNING: Do not use for real cryptographic purposes beyond testing.
| |
| # based on http://srp.stanford.edu/design.html
| |
| import hashlib
| |
| import random
| |
| | |
| def global_print(*names):
| |
| x = lambda s: ["%s", "0x%x"][isinstance(s, long)] % s
| |
| print "".join("%s = %s\n" % (name, x(globals()[name])) for name in names)
| |
| | |
| # note: str converts as is, str( [1,2,3,4] ) will convert to "[1,2,3,4]"
| |
| def H(*a): # a one-way hash function
| |
| return int(hashlib.sha256(str(a)).hexdigest(), 16)
| |
| | |
| def cryptrand(n=1024):
| |
| return random.SystemRandom().getrandbits(n) % N
| |
| | |
| # A large safe prime (N = 2q+1, where q is prime)
| |
| # All arithmetic is done modulo N
| |
| # (generated using "openssl dhparam -text 1024")
| |
| N = '''00:c0:37:c3:75:88:b4:32:98:87:e6:1c:2d:a3:32:
| |
| 4b:1b:a4:b8:1a:63:f9:74:8f:ed:2d:8a:41:0c:2f:
| |
| c2:1b:12:32:f0:d3:bf:a0:24:27:6c:fd:88:44:81:
| |
| 97:aa:e4:86:a6:3b:fc:a7:b8:bf:77:54:df:b3:27:
| |
| c7:20:1f:6f:d1:7f:d7:fd:74:15:8b:d3:1c:e7:72:
| |
| c9:f5:f8:ab:58:45:48:a9:9a:75:9b:5a:2c:05:32:
| |
| 16:2b:7b:62:18:e8:f1:42:bc:e2:c3:0d:77:84:68:
| |
| 9a:48:3e:09:5e:70:16:18:43:79:13:a8:c3:9c:3d:
| |
| d0:d4:ca:3c:50:0b:88:5f:e3'''
| |
| N = int(''.join(N.split()).replace(':', ''), 16)
| |
| g = 2 # A generator modulo N
| |
| | |
| k = H(N, g) # Multiplier parameter (k=3 in legacy SRP-6)
| |
| | |
| print "#. H, N, g, and k are known beforehand to both client and server:"
| |
| global_print("H", "N", "g", "k")
| |
| | |
| print "0. server stores (I, s, v) in its password database"
| |
| | |
| # the server must first generate the password verifier
| |
| I = "person" # Username
| |
| p = "password1234" # Password
| |
| s = cryptrand(64) # Salt for the user
| |
| x = H(s, p) # Private key
| |
| v = pow(g, x, N) # Password verifier
| |
| global_print("I", "p", "s", "x", "v")
| |
| | |
| print "1. client sends username I and public ephemeral value A to the server"
| |
| a = cryptrand()
| |
| A = pow(g, a, N)
| |
| global_print("I", "A") # client->server (I, A)
| |
| | |
| print "2. server sends user's salt s and public ephemeral value B to client"
| |
| b = cryptrand()
| |
| B = (k * v + pow(g, b, N)) % N
| |
| global_print("s", "B") # server->client (s, B)
| |
| | |
| print "3. client and server calculate the random scrambling parameter"
| |
| u = H(A, B) # Random scrambling parameter
| |
| global_print("u")
| |
| | |
| print "4. client computes session key"
| |
| x = H(s, p)
| |
| S_c = pow(B - k * pow(g, x, N), a + u * x, N)
| |
| K_c = H(S_c)
| |
| global_print("S_c", "K_c")
| |
| | |
| print "5. server computes session key"
| |
| S_s = pow(A * pow(v, u, N), b, N)
| |
| K_s = H(S_s)
| |
| global_print("S_s", "K_s")
| |
| | |
| print "6. client sends proof of session key to server"
| |
| M_c = H(H(N) ^ H(g), H(I), s, A, B, K_c)
| |
| global_print("M_c")
| |
| # client->server (M_c) ; server verifies M_c
| |
| | |
| print "7. server sends proof of session key to client"
| |
| M_s = H(A, M_c, K_s)
| |
| global_print("M_s")
| |
| # server->client (M_s) ; client verifies M_s
| |
| </source>
| |
| | |
| === Implementations ===
| |
| * [[OpenSSL]] version 1.0.1 or later.
| |
| * [[TLS-SRP]] is a set of ciphersuites for [[transport layer security]] that uses SRP.
| |
| * [https://github.com/symeapp/srp-client srp-client] SRP-6a implementation in [[JavaScript|Javascript]] (compatible with RFC 5054), open source, [[Mozilla Public License|MPL]] licensed.
| |
| * The [http://www.clipperz.com/open_source/javascript_crypto_library JavaScript Crypto Library] includes a JavaScript implementation of the SRP protocol, open source, [[GNU General Public License|GPL]] licensed. Used in [http://www.clipperz.com Clipperz online password manager].
| |
| * [http://www.gnu.org/software/gnu-crypto/ Gnu Crypto] provide a [[Java (programming language)|Java]] implementation licensed under the [[GNU General Public License]] with the "library exception", which permits its use as a library in conjunction with non-Free software.
| |
| * [[Bouncy Castle (cryptography)|The Legion of the Bouncy Castle]] provides Java and [[C Sharp (programming language)|C#]] implementations under the [[MIT License]].
| |
| * [http://software.dzhuvinov.com/nimbus-srp.html Nimbus SRP] is a Java library providing a verifier generator, client and server-side sessions. Includes interfaces for custom password key, client and server evidence message routines. No external dependencies. Released under the [[GNU General Public License]] and a proprietary license.
| |
| * [http://code.google.com/p/srplibcpp/ srplibcpp] is a C++ implement base on [[MIRACL (software)|MIRACL]].
| |
| * [https://github.com/slechta/DragonSRP/ DragonSRP] is a C++ modular implementation currently works with [[OpenSSL]]
| |
| * [[Json2Ldap]] provides SRP-6a authentication to [[Lightweight Directory Access Protocol|LDAP]] directory servers.
| |
| * [http://code.google.com/p/csrp/ csrp] SRP-6a implementation in C.
| |
| * [http://code.google.com/p/pysrp/ pysrp] SRP-6a implementation in [[Python_(programming_language)|Python]] (compatible with [http://code.google.com/p/csrp/ csrp]).
| |
| * [https://github.com/lamikae/srp-rb srp-rb] SRP-6a implementation in [[Ruby_(programming_language)|Ruby]]
| |
| * [http://meteor.com/ Meteor] web framework's Accounts system implements SRP for password authentication.
| |
| | |
| == References ==
| |
| <references /> | |
| | |
| == External links ==
| |
| * {{Official website|http://srp.stanford.edu}}
| |
| * [http://srp.stanford.edu/license.txt SRP License] -- BSD like open source.
| |
| | |
| === Manual pages ===
| |
| * {{man|8|pppd||Point-to-Point Protocol Daemon}}
| |
| * {{man|1|srptool||Simple SRP password tool}}
| |
| | |
| === RFCs ===
| |
| * RFC 2944 - Telnet Authentication: SRP
| |
| * RFC 2945 - The SRP Authentication and Key Exchange System
| |
| * RFC 3720 - Internet Small Computer Systems Interface (iSCSI)
| |
| * RFC 3723 - Securing Block Storage Protocols over IP
| |
| * RFC 3669 - Guidelines for Working Groups on Intellectual Property Issues
| |
| * RFC 5054 - Using the Secure Remote Password (SRP) Protocol for TLS Authentication
| |
| | |
| === Other links ===
| |
| * [http://grouper.ieee.org/groups/1363/ IEEE 1363]
| |
| * [http://www.pdl.cmu.edu/mailinglists/ips/mail/msg08027.html SRP Intellectual Property Slides (Dec 2001 - possible deprecated)]
| |
| * [http://trustedhttp.org Trusted HTTP] -- website and wiki about implementing [[TLS-SRP]] in libraries ([[GnuTLS]], [[OpenSSL]], [[Network Security Services|NSS]], [[Python (programming language)|Python]]), servers ([[Apache HTTP Server|Apache]]), and clients ([[CURL|curl]], [[Firefox]], [[Google Chrome|Chrome]])
| |
| | |
| {{Cryptography navbox | public-key}}
| |
| | |
| [[Category:Key-agreement protocols]]
| |
| [[Category:Password authentication]]
| |