- changed status to open
Investigate client-side KDF
Issue #2
resolved
See suggestion in http://throwingfire.com/secure-remote-password-isnt-bad/
Comments (5)
-
reporter -
reporter PBKDF2 tests fail about 50% of the time???
-
- marked as minor
-
Folks are free to use whatever key stretching algorithm before they pass the password into SRP. This will the force the attacker to run the same algorithm. As folks can freely “compose” key stretching without us having to change nimbus I will close this old issue.
-
- changed status to resolved
won't fix.
- Log in to comment
Added experimental PBKDF support in commit 4e2e879f4ccdcc7c51c8a1395d5f52eb773106db.