summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-10-04using the SRP 6a algorithm for calculating MAzul
2012-10-04moved all server side auth stuff into session so i can remove the ↵Azul
authentication module
2012-10-04created session class to hold aa, bb and so forth - done for clientAzul
We have a session in the server already - duplication there now, merge next
2012-10-04more cleanup - no more duplicate password and username in ClientAzul
A client has a set of pwd and login and tries to auth with this.
2012-10-04simplifying modpow to default to BIG_PRIME_NAzul
2012-10-04some cleanup, sha functions now concat multiple argsAzul
also u does not depend on n
2012-10-04using BIG_PRIME_N and hashing the byte array - tests passAzul
We still calculate M differently than in SRP 6a
2012-10-03calculate verifiers and multiplier just like in py srpfeature-py_srp_compatAzul
Some other parts are still missing. Main issue was using hashes of hex representation rather that hashes of byte arrays
2012-09-17moved readme links from ruby-srp to ruby_srpAzul
2012-08-21added travis ci and codeclimate to the readmeAzul
2012-08-21no more spam for me pleaseAzul
2012-08-21adding minimal Rakefile so travis runs our testsAzul
2012-08-21updated srp-js after forced pushAzul
2012-08-06hand over the login on handshake like we normally wouldAzul
still missing the salt in this. auth should be more independent from registry to resemble the real process more closely
2012-08-06added authenticate! which raises SRP::WrongPassword if it fails, version 0.0.2Azul
2012-08-02added gemspecAzul
2012-08-02make sure our urls still work with srp-jsAzul
2012-08-01bringing in srp-js as a submodule for the exampleAzul
This will most likely become a simple js file once both are more stable.
2012-07-26we cache neither the verifier nor the secret in the session just in caseAzul
People might store the session in a CookieStore - which would probably be a bad idea anyway - but let's be save rather than sorry.
2012-07-26session is handled by the class that includes SRP::Authentication - not the ↵Azul
client
2012-07-26SRP::Authentication::Session holds the per session dataAzul
2012-07-26removing the remaining zerofillsAzul
2012-07-26both sides calculate their own uAzul
2012-07-26turned server class into authentication module - test green, example brokenAzul
The example seems to be broken due to changes in srp-js
2012-07-26removed debugging output and adjusted ruby client to new server apiAzul
2012-07-03more info and resources on the index pageAzul
bit of styling added
2012-07-03fixed workflow and reduced copyAzul
2012-07-03using json instead of xml responsesAzul
2012-06-29adopted srp algo to srp-js way of doing things.Azul
all large integers are now send as hex strings. Using sha256_str all over the place. This finally gives me successful logins. Needs a log of cleanup never the less.
2012-06-28complete ajax flow is working - just auth failsAzul
Also we currently generate the salt on the server - this should happen on the client but for now i stick to the srp-js workflow.
2012-06-27adjusted user model to use srpAzul
2012-06-27moved to ajax workflow and integrated srp-js - not quite there yetAzul
* needs a bit of cleanup from the old workflow * are client and server using the same primes right now? * store multiple users on the server side
2012-06-26first steps towards adding a server side srp flow to the exampleAzul
2012-06-26moved user and log class to models, verify prints logsAzul
2012-06-26moved the sample app to it's own subdirectoryAzul
2012-06-26stress three step layout with a little helperAzul
2012-06-26using layout in the sinatra appAzul
2012-06-26added simple sinatra app for demoing / testingAzul
2012-06-18added readmeAzul
2012-06-18initial commit - testing srp authAzul
* This is lacking a few steps. We confirm the secret is the same but no key is generated from it and it is transfered over the wire in clear. * this was inspired by https://gist.github.com/790048 * seperated util, client, server and test code