On Fri, May 02, 2014 at 12:21:51PM +0200, Mechiel Lukkien wrote:
> On Fri, May 02, 2014 at 11:41:46AM +0200, Mechiel Lukkien wrote:
> > thoughts? does conversion from uchar* to bignum, and back to uchar*
> > indeed strip leading zeroes?
> >
> > i think the salt should always be passed around as j
On Fri, May 02, 2014 at 11:41:46AM +0200, Mechiel Lukkien wrote:
> thoughts? does conversion from uchar* to bignum, and back to uchar*
> indeed strip leading zeroes?
>
> i think the salt should always be passed around as just bytes. in SRP
> it is never used for calculations with bignums.
after
the openssl SRP implementation seems to handle salts with leading
zero-bytes incorrectly.
salts are internally passed around as BIGNUM, and converted back
to uchar* before using them. however, they are only ever needed
as uchar*: only used for SHA1-ing. so my guess is the conversion
to BIGNUM, a