NLS/SRP Protocol

The New Logon System (NLS) is based on the Secure Remote Password protocol (SRP), which was designed to obviate the need to send a password, or its cryptographic equivalent, across a network. This page exists to provide a basic introduction to this protocol. For detailed explanations and information, see RFC 2945.

The Random Value / Private Key (a/b)

The Client Key (A)

The Server Key (B)

The Generator (g)

The Modulus (N)

The Salt (s)

The Verifier (v)

Username & Password Hash (x)

Scrambler (u)

The Shared Secret (S)

Password Proof (K)

Client Password Proof (M1)

Server Password Proof (M2)
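
The quantities named above fit together as follows in the RFC 2945 flow. This is an added example, not code from this page, iago's notes, JBLS or Davnit's implementation. The values of N and g, the 16-byte salt, big-endian encoding and K = SHA1(S) are assumptions chosen for brevity, so it will not interoperate with NLS.

```python
import hashlib, hmac, secrets

# Assumptions (not from the page): N and g are stand-in values, not the NLS
# constants, and K = SHA1(S) replaces RFC 2945's SHA_Interleave for brevity.
N, g = 2**255 - 19, 2
NLEN = (N.bit_length() + 7) // 8

def H(*parts):
    return hashlib.sha1(b"".join(parts)).digest()

def enc(n):
    return n.to_bytes(NLEN, "big")

def compute_x(user, password, s):
    # x = H(s | H(user ":" password)), the salted username/password hash
    return int.from_bytes(H(s, H(user + b":" + password)), "big")

def register(user, password):
    # Done once; the server stores salt s and verifier v, never the password.
    s = secrets.token_bytes(16)
    return s, pow(g, compute_x(user, password, s), N)

def login(user, password, s, v):
    """Run both sides; return K, or None if a check or proof fails."""
    # Client -> server: user, A = g^a
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    if A % N == 0:                      # server-side sanity check on A
        return None
    # Server -> client: s, B = v + g^b
    b = secrets.randbelow(N - 2) + 1
    B = (v + pow(g, b, N)) % N
    if B % N == 0:                      # client-side sanity check on B
        return None
    u = int.from_bytes(H(enc(B))[:4], "big")   # scrambler: first 32 bits of H(B)
    # Client: S = (B - g^x)^(a + u*x)
    x = compute_x(user, password, s)
    K_c = H(enc(pow((B - pow(g, x, N)) % N, a + u * x, N)))
    hNg = bytes(p ^ q for p, q in zip(H(enc(N)), H(enc(g))))
    M1 = H(hNg, H(user), s, enc(A), enc(B), K_c)          # client -> server
    # Server: S = (A * v^u)^b, then check M1 against its own K
    K_s = H(enc(pow(A * pow(v, u, N) % N, b, N)))
    if not hmac.compare_digest(M1, H(hNg, H(user), s, enc(A), enc(B), K_s)):
        return None
    M2 = H(enc(A), M1, K_s)                               # server -> client
    # Client: check M2, which shows the server derived the same K from v
    return K_c if hmac.compare_digest(M2, H(enc(A), M1, K_c)) else None
```

Only the username, A, s, B, M1 and M2 cross the wire; the password, x, a, b, S and K stay on the side that computed them.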

Most of the information on this page has come from iago's notes. For more, see his page on the topic.

A Java implementation of the algorithm (using code directly from iago's notes) can be found in JBLS.

A Python implementation can be found in Davnit's

| Edited: Sixen



Constants for Battle.Net 2.0

SRP now uses a 1 kbit modulus instead of a 256 bit one.