From 40fd75696b548d18057a289e849be98dd2af12dd Mon Sep 17 00:00:00 2001
From: ausiv4
Date: Fri, 24 Jul 2009 13:57:46 +0000
Subject: Not what I meant to do...
---
proper-random/upgrade-notes.txt | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 proper-random/upgrade-notes.txt
(limited to 'proper-random/upgrade-notes.txt')
diff --git a/proper-random/upgrade-notes.txt b/proper-random/upgrade-notes.txt
new file mode 100644
index 0000000..99fe411
--- /dev/null
+++ b/proper-random/upgrade-notes.txt
@@ -0,0 +1,19 @@
+###
+### Upgrade
+###
+
+# We would like people to be able to upgrade an existing system to use SRP, without losing their user database.
+# We can detect existing users who cannot authenticate with SRP because they will appear in the django.auth
+# table without appearing in the srp table. Ultimately, we would like to do this without the user sending his plaintext password.
+
+# The server sends the client its salt for the database password, along with the hash algorithm that was used to store it.
+# The client hashes the salt and password, and gets P = H(s,p). The client proceeds with SRP treating P as if it were
+# its secret password. The server can do the same thing, and confirm the user's password.
+
+def ugprade(request):
+ user = django.contrib.auth.models.User.objects.get(username=request.POST["I"])
+ shadowpass = user.password.split("$")
+ srpsalt = generate_salt()
+ algorithm = shadowpass[0]
+ shadowsalt = shadowpass[1]
+ passhash = shadowpass[2]
-- 
cgit v1.2.3
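Review bot: In `ugprade` the stored password is split on `$` and indexed at `[0]`, `[1]` and `[2]` without checking that three fields came back, so an account whose `password` value is not in `algorithm$salt$hash` form (an unusable-password marker, for instance) raises IndexError; unpacking with `algorithm, shadowsalt, passhash = user.password.split("$", 2)` inside a `try`/`except ValueError` would make that case explicit. `request.POST["I"]` and `User.objects.get(...)` also raise on a missing or unknown username, so as written the view is likely to answer differently for existing and non-existing accounts before any authentication has taken place. The comment block describing the protocol should record that, because the client runs SRP with `P = H(s,p)` as its secret, the legacy hash stored in the django.auth table is effectively password-equivalent for the upgrade step, so a copy of that table is enough to complete it without knowing `p`; that is a limitation readers of these notes will want stated. The function name looks like a typo for `upgrade`, and the body stops at the end of the hunk without using `srpsalt` or returning a response, so it appears unfinished.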