VerifHub

VerifHub allows Verifpal® users to easily share and discuss Verifpal models of cryptographic protocols. The VerifHub service provides unique URIs for each shared model which includes a syntax-highlighted model, an automatically generated diagram and a summary of the analysis results.

Switch to Diagram View

firefoxsync.vp

Submitted on 28 Jun 20 21:24 UTC.

attacker[active]

principal Computera[
	knows private username
	knows private pass
	knows public salt
	knows private data
	hashedpassword = HASH(pass, salt)
	h1, h2 = HKDF(pass, salt, nil)
	e1 = AEAD_ENC(h1, data, nil)
]

principal Computerb[
]

principal Server[
]

Computera -> Server: username, h2, e1

principal Server[
	h3 = HASH(username, h2)
]

principal Computerb[
	knows private username
	knows private pass
	knows public salt
	usernameb = DEC(pass, ENC(pass, username))
	h1b, h2b = HKDF(pass, salt, nil)
]

Computerb -> Server: usernameb, h2b

principal Server[
	_ = ASSERT(username, usernameb)?
	_ = ASSERT(h3, HASH(usernameb, h2b))?
]

Server -> Computerb: e1

principal Computerb[
	d1 = AEAD_DEC(h1b, e1, nil)?
]

queries[
	confidentiality? data
	authentication? Server -> Computerb: e1
]

Switch to Model View

Title:firefoxsync.vp Note over Computera: knows private username\n knows private pass\n knows public salt\n knows private data\n hashedpassword = HASH(pass, salt)\n h1, h2 = HKDF(pass, salt, nil)\n e1 = AEAD_ENC(h1, data, nil)\n Note over Computerb: Note over Server: Computera -> Server: username, h2, e1 Note over Server: h3 = HASH(username, h2)\n Note over Computerb: knows private username\n knows private pass\n knows public salt\n usernameb = DEC(pass, ENC(pass, username))\n h1b, h2b = HKDF(pass, salt, nil)\n Computerb -> Server: usernameb, h2b Note over Server: _ = ASSERT(username, usernameb)?\n _ = ASSERT(h3, HASH(usernameb, h2b))?\n Server -> Computerb: e1 Note over Computerb: d1 = AEAD_DEC(h1b, e1, nil)?\n

Analysis Results

The model submitter provided the following analysis results:

Query 1 (Confidentiality): PASS
Query 2 (Authentication): PASS

Please note that these results are not verified to be accurate. The model submitter may choose to provide false analysis results if they so desire. It is strongly recommended that you re-run the analysis of this model locally if you wish to verify the authenticity of the analysis results above.

Discuss This Model

© Copyright 2019- Nadim Kobeissi. All Rights Reserved. “Verifpal” and the “Verifpal” logo/mascot are registered trademarks of Nadim Kobeissi. Verifpal software is provided as free and open source software, licensed under the GPLv3. Verifpal User Manual, as well as this website, are provided under the CC BY-NC-ND 4.0 license. Published by Symbolic Software.