ddp-srp

v0.8.1-2

Node packaging of Meteor's SRP implementation

Library for Secure Remote Password (SRP) exchanges.

### SRP.generateVerifier(password, options)

Generate a new SRP verifier. password is the plaintext password.

options is optional and can include:

  • identity: String. The SRP username to use. Mostly this is passed in for testing. Random UUID if not provided.
  • salt: String. A salt to use. Mostly this is passed in for testing. Random UUID if not provided.
  • SRP parameters (see _defaults and paramsFromOptions below)

### SRP.Client

Generate a new SRP client object. Password is the plaintext password.

options is optional and can include:

  • a: client's private ephemeral value. String or BigInteger. Normally, this is picked randomly, but it can be passed in for testing.
  • SRP parameters (see _defaults and paramsFromOptions below)

### SRP.Client.startExchange()

Initiate an SRP exchange.

returns { A: 'client public ephemeral key. hex encoded integer.' }

### SRP.Client.prototype.respondToChallenge(challenge)

Respond to the server's challenge with a proof of password.

challenge is an object with

  • B: server public ephemeral key. hex encoded integer.
  • identity: user's identity (SRP username).
  • salt: user's salt.

returns { M: 'client proof of password. hex encoded integer.' }

throws an error if it got an invalid challenge.

### SRP.Client.verifyConfirmation(confirmation)

Verify server's confirmation message.

confirmation is an object with

  • HAMK: server's proof of password.

returns true or false.

### SRP.Server(verifier, options)

Generate a new SRP server object.

options is optional and can include:

  • b: server's private ephemeral value. String or BigInteger. Normally, this is picked randomly, but it can be passed in for testing.
  • SRP parameters (see _defaults and paramsFromOptions below)

### SRP.Server.issueChallenge(request)

Issue a challenge to the client.

Takes a request from the client containing:

  • A: hex encoded int.

Returns a challenge with:

  • B: server public ephemeral key. hex encoded integer.
  • identity: user's identity (SRP username).
  • salt: user's salt.

Throws an error if issued a bad request.

### SRP.Server.verifyResponse(response)

Verify a response from the client and return confirmation.

Takes a challenge response from the client containing:

  • M: client proof of password. hex encoded int.

Returns a confirmation if the client's proof is good:

  • HAMK: server proof of password. hex encoded integer.

OR null if the client's proof doesn't match.
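The message flow documented above (A, then B with identity and salt, then M, then HAMK), as an added example that is not ddp-srp's own code. It uses the default N and g listed under _defaults with k = hash(N, g); the hash inputs for x, u, M and HAMK, the function names, the forcedA test hook and the sample credentials are assumptions that follow the usual SRP-6a layout.

```javascript
// Added example, not ddp-srp's code: both sides of one SRP exchange in plain Node.
// Assumed (SRP-6a layout): x = H(salt, H(id:pw)), u = H(A, B), M = H(A, B, S), HAMK = H(A, M, S).
const crypto = require('crypto');

const H = (...parts) => crypto.createHash('sha256').update(parts.join('')).digest('hex');
const hex = (n) => n.toString(16);
const big = (h) => BigInt('0x' + h);
const N = big('EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3');
const g = 2n;
const k = big(H(hex(N), hex(g))); // k = hash(N, g), as in _defaults
const sameDigest = (p, q) => crypto.timingSafeEqual(Buffer.from(p, 'hex'), Buffer.from(q, 'hex'));
const randomSecret = () => big(crypto.randomBytes(32).toString('hex'));

function modPow(base, exp, mod) {
  let result = 1n;
  base = ((base % mod) + mod) % mod; // normalise a negative base
  for (; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
  }
  return result;
}

const privateKey = (identity, password, salt) => big(H(salt, H(identity, ':', password)));
// What the server stores: identity, salt and verifier, never the password.
function generateVerifier(identity, password, salt) {
  return { identity, salt, verifier: hex(modPow(g, privateKey(identity, password, salt), N)) };
}

// One login attempt. forcedA (hypothetical test hook) replaces the client's A.
function exchange(record, password, forcedA) {
  const a = randomSecret();
  const A = forcedA !== undefined ? forcedA : hex(modPow(g, a, N)); // client -> server
  // Server: A = 0 (mod N) would fix S at 0 for any password, so it is a bad request.
  if (big(A) % N === 0n) throw new Error('bad request: invalid A');
  const v = big(record.verifier), b = randomSecret();
  const B = hex((k * v + modPow(g, b, N)) % N); // server -> client, with identity and salt
  // Client: B = 0 (mod N) is an invalid challenge.
  if (big(B) % N === 0n) throw new Error('invalid challenge: invalid B');
  const u = big(H(A, B));
  const x = privateKey(record.identity, password, record.salt);
  const clientS = modPow(big(B) - k * modPow(g, x, N), a + u * x, N);
  const M = H(A, B, hex(clientS)); // client -> server: proof of password
  const serverS = modPow(big(A) * modPow(v, u, N), b, N);
  // Server confirms only when M matches its own value; otherwise null.
  const HAMK = sameDigest(M, H(A, B, hex(serverS))) ? H(A, M, hex(serverS)) : null;
  const clientAccepts = HAMK !== null && sameDigest(HAMK, H(A, M, hex(clientS)));
  return { A, B, M, HAMK, clientAccepts };
}
```
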

### _defaults

```js
/**
 * Default parameter values for SRP.
 *
 */
var _defaults = {
  hash: function (x) { return SHA256(x).toLowerCase(); },
  N: new BigInteger("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16),
  g: new BigInteger("2")
};
_defaults.k = new BigInteger(
  _defaults.hash(
    _defaults.N.toString(16) +
      _defaults.g.toString(16)),
  16);
```

### paramsFromOptions

```js
/**
 * Process an options hash to create SRP parameters.
 *
 * Options can include:
 * - hash: Function. Defaults to SHA256.
 * - N: String or BigInteger. Defaults to the 1024-bit value from RFC 5054.
 * - g: String or BigInteger. Defaults to 2.
 * - k: String or BigInteger. Defaults to hash(N, g).
 */
var paramsFromOptions = function (options) {
  if (!options) // fast path
    return _defaults;

  var ret = _.extend({}, _defaults);

  // Hex strings are parsed into BigIntegers; BigIntegers are used as given.
  _.each(['N', 'g', 'k'], function (p) {
    if (options[p]) {
      if (typeof options[p] === "string")
        ret[p] = new BigInteger(options[p], 16);
      else if (options[p] instanceof BigInteger)
        ret[p] = options[p];
      else
        throw new Error("Invalid parameter: " + p);
    }
  });

  if (options.hash)
    ret.hash = function (x) { return options.hash(x).toLowerCase(); };

  if (!options.k && (options.N || options.g || options.hash)) {
    // Recompute k as a BigInteger, the same way _defaults.k is built.
    ret.k = new BigInteger(
      ret.hash(ret.N.toString(16) + ret.g.toString(16)),
      16);
  }

  return ret;
};
```