danielbrauer
commented
4 years ago Signup shouldn't log in, because the signup process doesn't actually do a full SRP authentication, meaning it doesn't produce a shared key.
Open danielbrauer opened 5 years ago
danielbrauer
commented
4 years ago Signup shouldn't log in, because the signup process doesn't actually do a full SRP authentication, meaning it doesn't produce a shared key.
https://medium.com/@intermediation/bullet-proof-you-restful-api-with-secure-remote-password-srp-and-http-hmac-spec-http-hmac-spec-16b805674e4f