diff options
Diffstat (limited to 'upgrade-notes.txt')
| -rw-r--r-- | upgrade-notes.txt | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/upgrade-notes.txt b/upgrade-notes.txt new file mode 100644 index 0000000..99fe411 --- /dev/null +++ b/upgrade-notes.txt @@ -0,0 +1,19 @@ +### +### Upgrade +### + +# We would like people to be able to upgrade an existing system to use SRP, without losing their user database. +# We can detect existing users who cannot authenticate with SRP because they will appear in the django.auth +# table without appearing in the srp table. Ultimately, we would like to do this without the user sending his plaintext password. + +# The server sends the client its salt for the database password, along with the hash algorithm that was used to store it. +# The client hashes the salt and password, and gets P = H(s,p). The client proceeds with SRP treating P as if it were +# its secret password. The server can do the same thing, and confirm the user's password. + +def ugprade(request): + user = django.contrib.auth.models.User.objects.get(username=request.POST["I"]) + shadowpass = user.password.split("$") + srpsalt = generate_salt() + algorithm = shadowpass[0] + shadowsalt = shadowpass[1] + passhash = shadowpass[2] |