diff options
author | ausiv4 <ausiv4@eb105b4a-77de-11de-a249-6bf219df57d5> | 2009-08-09 00:57:03 +0000 |
---|---|---|
committer | ausiv4 <ausiv4@eb105b4a-77de-11de-a249-6bf219df57d5> | 2009-08-09 00:57:03 +0000 |
commit | 900dc01238f0c0f6830d487d93f9176e711104fe (patch) | |
tree | bfe947b83e7e130f68f90adc0740c95e1a752eed /upgrade-notes.txt | |
parent | 48c6ab56a73b830c6fcddd32f44636e8b399be85 (diff) |
Significant cleanup to srp.js.
Diffstat (limited to 'upgrade-notes.txt')
-rw-r--r-- | upgrade-notes.txt | 19 |
1 files changed, 0 insertions, 19 deletions
diff --git a/upgrade-notes.txt b/upgrade-notes.txt deleted file mode 100644 index 99fe411..0000000 --- a/upgrade-notes.txt +++ /dev/null @@ -1,19 +0,0 @@ -### -### Upgrade -### - -# We would like people to be able to upgrade an existing system to use SRP, without losing their user database. -# We can detect existing users who cannot authenticate with SRP because they will appear in the django.auth -# table without appearing in the srp table. Ultimately, we would like to do this without the user sending his plaintext password. - -# The server sends the client its salt for the database password, along with the hash algorithm that was used to store it. -# The client hashes the salt and password, and gets P = H(s,p). The client proceeds with SRP treating P as if it were -# its secret password. The server can do the same thing, and confirm the user's password. - -def ugprade(request): - user = django.contrib.auth.models.User.objects.get(username=request.POST["I"]) - shadowpass = user.password.split("$") - srpsalt = generate_salt() - algorithm = shadowpass[0] - shadowsalt = shadowpass[1] - passhash = shadowpass[2] |