PitchHut
Log in / Sign up
secure-remote-password-js
6 views
Securely Authenticating: Modern Password Protection for Bun Applications
Preview url
Visit project
Pitch

Unlock the power of secure remote password authentication with our TypeScript library for Bun. Utilizing the robust SRP protocol, our implementation ensures both your client and server communicate securely. With advanced configuration options, including strong Key Derivation Functions, you can elevate your app's security while maintaining user-friendly access.

Description

The secure-remote-password-js library provides a modern implementation of the secure remote password (SRP) protocol for both client and server applications using TypeScript. This library draws inspiration from 1Password's very effective SRP library, ensuring a robust and secure way to handle authentication without exposing passwords.

Key Features

  • Client and Server Support: This library seamlessly integrates with both Bun clients and servers, making it a comprehensive solution for secure authentication.
  • RFC 5054 Groups: The library offers support for RFC 5054 groups between 2048 and 8192 bits, with a recommendation for using groups of 4096 bits or more for enhanced security.
  • Versatile Key Derivation Function (KDF): While the library provides a testing KDF, you have the option to implement a strong KDF like Argon2id, bcrypt, or scrypt in production environments. It is advised to use @phi-ag/argon2 for a reliable Argon2 implementation.

How It Works

The secure remote password protocol allows for secure communication over potentially insecure channels. Here’s a brief overview of the implementation steps:

  1. Choose a Cryptographic Group: Select a secure group for cryptographic operations using: 
    import { knownGroups } from "secure-remote-password-js";
const group = knownGroups[4096];
  2. Initialize Key Derivation: Use a powerful KDF to derive secure hashes of passwords.
  3. Set Up SRP Client: Create instances on both client and server, ensuring they can exchange keys and authenticate each other: 
    const client = new SrpClient(knownGroups[4096], x, undefined, "client");
const verifier = client.verifier();
const server = new SrpClient(knownGroups[4096], verifier, undefined, "server");
  4. Public Key Exchange: Safely exchange public keys to establish a shared session key.
  5. Shared Session Key: Both parties can generate and utilize a shared session key for subsequent secure communication.
  6. Authentication Confirmation: Both entities confirm that they possess the same shared key, thereby ensuring mutual authentication: 
    const serverIsLegit = client.goodServerProof(salt, username, serverProof);
const clientIsLegit = server.goodClientProof(clientProof);

Conclusion

The secure-remote-password-js library harnesses the power of modern cryptography to facilitate secure password handling, making it ideal for developers looking to enhance the security of their applications. With easy integration for Bun clients and an extensible codebase, you can implement secure authentication processes with confidence.