Closed by islishude 4 years ago
An implementation could choose to use x = H(s | I | p) without affecting any steps required of the host. The standard RFC2945 defines x = H(s | H ( I | ":" | p) ). Use of I within x avoids a malicious server from being able to learn if two users share the same password.
ref:
Do you have a requirement to use just p?
I get it now, thanks for your reply.
implementation
https://github.com/LinusU/secure-remote-password/blob/c12dfdf6a2b9442d03f87592206c7c7bb320a503/client.js#L24-L25
and the spec design
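The two derivations of x discussed in this thread, side by side, as an added example that is not code from the thread or from either linked project. It assumes SHA-1 as H (as in the RFC 5054 Appendix B test vector used for "alice") and a constructed set of accounts that all ended up with the same salt; the helper names are hypothetical.

```javascript
// Added example (not from the thread or either linked project).
const crypto = require('crypto');

// H(): SHA-1 over the concatenation of its arguments (assumed hash).
function H(...parts) {
  const h = crypto.createHash('sha1');
  for (const part of parts) h.update(part);
  return h.digest();
}

// Simplified form asked about in the thread: x = H(s | p)
function xPasswordOnly(salt, password) {
  return H(salt, Buffer.from(password, 'utf8')).toString('hex');
}

// RFC 2945 form: x = H(s | H(I | ":" | p))
function xRfc2945(salt, identity, password) {
  const inner = H(Buffer.from(`${identity}:${password}`, 'utf8'));
  return H(salt, inner).toString('hex');
}

// The server stores v = g^x mod N, so accounts with equal x have equal v.
// Returns the groups of identities whose x (and so verifier) collide.
function collidingAccounts(accounts, deriveX) {
  const byX = new Map();
  for (const { identity, salt, password } of accounts) {
    const x = deriveX(salt, identity, password);
    byX.set(x, [...(byX.get(x) || []), identity]);
  }
  return [...byX.values()].filter((ids) => ids.length > 1);
}

// Constructed accounts that share one salt. The salt and alice's
// credentials are the RFC 5054 Appendix B test values.
const SALT = Buffer.from('BEB25379D1A8581EB5A727673A2441EE', 'hex');
const ACCOUNTS = [
  { identity: 'alice', salt: SALT, password: 'password123' },
  { identity: 'bob', salt: SALT, password: 'password123' },
  { identity: 'carol', salt: SALT, password: 'another-password' },
];

const weak = collidingAccounts(ACCOUNTS, (s, _i, p) => xPasswordOnly(s, p));
const rfc = collidingAccounts(ACCOUNTS, xRfc2945);
console.log('x = H(s | p) collisions:', weak);
console.log('x = H(s | H(I:p)) collisions:', rfc);
```

With distinct random salts per account neither form collides; binding I into x keeps the verifiers distinct even when the salt is not unique.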