- changed status to resolved
Java client `computeX` is not `mod(N)`
Issue #15
resolved
The JavaScript client code does:
this.x = this.fromHex(hash).mod(this.N());
Which is consistent with the original demo at http://srp.stanford.edu/demo/demo.html. The Java verifier generator got this correct but the Java HexHashedXRoutine
dropped the final mod(N)
. This means that programs attempting to login from the Java code could potentially have a problem.
Comments (2)
-
reporter -
reporter The class
TestJavaClient
main method will run 10,000 mutual authentications which check the java session can login. This didn't show up the bug suggesting that the lack of the mod(N) wasn't actually breaking anything before it was corrected. - Log in to comment