jsrp icon indicating copy to clipboard operation
jsrp copied to clipboard
verified publisher icon alax

createVerifier() does not use salt given in setSalt()

Open tyler-burkett opened this issue 5 years ago • 1 comments

I noticed that in Client.createVerifier() the saltBuf is always set to the salt value provided in the srp.generateSalt() callback. This consequently means that any salt set using setSalt() is not used when creating the verifier. This looks like a bug.

tyler-burkett avatar Dec 20 '19 15:12 tyler-burkett

Hmm, I see. The thing is, setSalt() was designed to only be used during the login process, not to provide a salt to the createVerifier() process. So in that case, it's not really a bug but poor documentation on my part.

However, the use case where someone would like to bring their own salt during the verifier creation process should probably be supported, so I'll leave this open.

alax avatar Dec 21 '19 14:12 alax