Forcing new password with zero-knowledge proof authentications

Question

Let's say a ZKP (e.g. SRP6a) is used, for password verification.

Let's say I need to force a user to change their password (so I have the salt and the verifier for the current password). For this, the client will need to send me the new salt and verifier values. But I can't check if the password used was the same if the salt is random.

The reason I bother is because an initial password may be delivered over a less secure way, and I don't want that password to linger.

The only way to ensure the passwords to be different that I found is to require the new salt to be the same as old.

The mechanism to change the password is exposed as an API to the client, and I can't necessarily trust the client to do that verification.

The questions are:

1. Is there a better way?
2. If no, then is there any downside to requiring the same salt, i.e. am I compromising anything?

Answer 1

First of all, note that if the server generated the first insecure password, than it is easy for him to check whether the client switched password or not. Because the only secret value in this scheme is the password itself. Hence the server can try to generate the v variable and simply check if they are identical. So your original problem is solved that way.

As far as I understand, the idea behind the salt in this scheme is exactly to prevent from an adversary to figure out when the same password is used. It seems to me (haven't checked it through, but with a quick glance) that the scheme will be secure enough if you will fix a random salt for each client. It seems that the only advantage in this case is that the server can detect password reuses.