From 124ef39cb84dec12d21a36e98039e6a5042e7317 Mon Sep 17 00:00:00 2001 From: ausiv4 Date: Wed, 12 Aug 2009 17:01:23 +0000 Subject: When upgrading the user from a non-srp account to an SRP account, the client must send the server the password. I wasn't happy about doing this in plaintext, so I've incorporated slowAES on both the client and the server to encrypt the password before it is sent, using the key generated in the first SRP transaction. --- django/srpproject/urls.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'django/srpproject/urls.py') diff --git a/django/srpproject/urls.py b/django/srpproject/urls.py index 550676e..07f446f 100644 --- a/django/srpproject/urls.py +++ b/django/srpproject/urls.py @@ -23,4 +23,6 @@ urlpatterns = patterns('', (r'^srp/register/$', views.register_page), (r'^srp/upgrade/authenticate/$', views.upgrade_auth), (r'^srp/upgrade/verifier/$', views.upgrade_add_verifier), + (r'^srp/aes/$', views.test_aes), + (r'^srp/aes/post/$', views.doaes), ) -- cgit v1.2.3