SRP: Pure get_password_verifier function

[est31]

It would be awesome if the function get_password_verifier wouldn't require a client but just had a signature like fn get_password_verifier<D: Digest>(private_key: &[u8], params, &[u8]) -> Vec<u8> or something.

[est31]

For backwards compat, you could still keep the old function around but add a second one directly inside the root module.

[newpavlov]

Hm, I guess it's indeed worth to add a standalone function get_password_verifier<D: Digest>(private_key: &[u8], group: &'a SrpGroup) -> Vec<u8>. I can add it in the next version.

On a side note: I think srp needs a certain redesign, e.g. we could pull entropy automatically, so if you have any suggestions I will be happy to hear them out!

[est31]

I guess it's indeed worth to add a standalone function

Thanks! I do think that a function right on the client struct is a good choice, as it is most convenient, but there should also be a "pure" one.

we could pull entropy automatically

Yeah, that would be a good idea. However, there should still be the option to provide the numbers yourself so that e.g. your unit tests could be deterministic.

As for further ideas for the redesign, one thing that I found a bit weird was the UserRecord struct. All the function needs from the struct is the verifier, and the other members of the struct aren't used anywhere in the API. Otherwise I'm okay with the API.

[jbis9051]

79 fixes this https://github.com/RustCrypto/PAKEs/pull/79/files#diff-af1d54d978e5f7b4fe3ea00f0900d737086d290327c58f58b5aeaf8a3917ff5dR30

[tarcieri]

Fixed in #79