path: root/django/srpproject/urls.py
Age | Commit message | Author
2009-08-13 | Added support for logins without JavaScript. This is configurable on a site-by-site basis. | ausiv4
2009-08-12 | Rather than passing the necessary parameters to the SRP constructor, I've made them hidden fields in the form. This way a bookmarklet will be able to read the fields, and authentication can be done without trusting the JavaScript sent by the server. I also organized urls.py. | ausiv4
2009-08-12 | When upgrading the user from a non-SRP account to an SRP account, the client must send the server the password. I wasn't happy about doing this in plaintext, so I've incorporated slowAES on both the client and the server to encrypt the password before it is sent, using the key generated in the first SRP transaction. | ausiv4
2009-08-08 | This adds upgrade functionality so that existing Django apps can switch to SRP. If a user exists in the auth table but not the srp table, the server sends back the algorithm and salt needed to hash the password. The hashed password is used to authenticate the user. After the server authenticates the user and the user verifies the identity of the server, the user sends the password in plaintext. The server uses the plaintext password to calculate the verifier and stores it. Finally, the client reinitiates the login process. | ausiv4
2009-07-23 | First submission. | ausiv4