AWS Security ChangesHomeSearch

AWS cognito high security documentation change

Service: cognito · 2025-05-16 · Security-related high

File: cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.md

Summary

Updated pseudocode and added guidance for generating SRP secrets specific to device authentication. Changes include using HKDF_HMAC_SHA256 for key derivation, explicit big-endian encoding, and distinct SRP parameters for devices.

Security assessment

The changes enforce proper cryptographic practices (HKDF instead of plain SHA256 for K_USER) and mandate device-specific SRP secrets to prevent credential reuse. This addresses potential authentication vulnerabilities by isolating device credentials from user credentials and improving key derivation security.

Diff

diff --git a/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.md b/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.md
index 9146ef88f..5d03d06e6 100644
--- a//cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.md
+++ b//cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.md
@@ -129 +129 @@ To perform device authentication in a flow that uses [Custom authentication chal
-The following pseudocode demonstrates how to calculate values for your `DEVICE_PASSWORD_VERIFIER` challenge response.
+The following pseudocode demonstrates how to calculate values for your `DEVICE_PASSWORD_VERIFIER` challenge response. For SRP authentication with a device, generate a _new_ SRP secret for your user: a fresh high-entropy password `DeviceSecret`, a salt, and the associated password verifier. These values are distinct from the password, salt, and verifier used for the user's SRP authentication. They are only used for device authentication and are only stored on the device. Functions for generating the SRP secrets for users' devices are available in [SRP libraries](https://github.com/secure-remote-password/implementations) that are available in various SDKs.
@@ -133,7 +133,7 @@ The following pseudocode demonstrates how to calculate values for your `DEVICE_P
-    TIMESTAMP = Tue Sep 25 00:09:40 UTC 2018
-    PASSWORD_CLAIM_SIGNATURE = Base64(SHA256_HMAC(K_USER, DeviceGroupKey + DeviceKey + PASSWORD_CLAIM_SECRET_BLOCK + TIMESTAMP))
-    K_USER = SHA256_HASH(S_USER)
-    S_USER = (SRP_B - k * gx)(a + ux)
-    x = SHA256_HASH(salt + FULL_PASSWORD)
-    u = SHA256_HASH(SRP_A + SRP_B)
-    k = SHA256_HASH(N + g)
+    TIMESTAMP = "Tue May 27 00:09:40 UTC 2025"
+    k = SHA256(N || g) as a non-negative integer in big-endian
+    u = SHA256(SRP_A || SRP_B) as a non-negative integer in big-endian
+    x = SHA256(salt || SHA256(DeviceGroupKey || DeviceKey || ":" || DeviceSecret)) as a non-negative integer in big-endian
+    S_USER = (SRP_B - k * g^x)^(a + u * x) % N
+    K_USER = HKDF_HMAC_SHA256(salt=u, ikm=S_USER, info="Caldera Derived Key", length=16 bytes)
+    PASSWORD_CLAIM_SIGNATURE = Base64(HMAC_SHA256(key=K_USER, message=(DeviceGroupKey || DeviceKey || PASSWORD_CLAIM_SECRET_BLOCK || TIMESTAMP)))