This is the first implementation of SRP I've ever seen that remembered on the first try to check (A%n)!=0 instead of A!=0, so I give him props for diligence.
But SRP is totally irrelevant in a browser context, because any technique you can use to safely deliver SRP code to the browser can be used just as easily to safely exchange passwords directly. SRP will be relevant when browsers bake it in.
> But SRP is totally irrelevant in a browser context, because any technique you can use to safely deliver SRP code to the browser can be used just as easily to safely exchange passwords directly. SRP will be relevant when browsers bake it in.
If you read the conclusion, this is why I ripped out the SRP stuff :-) Can't wait for TLS-SRP to hit the browsers.
But SRP is totally irrelevant in a browser context, because any technique you can use to safely deliver SRP code to the browser can be used just as easily to safely exchange passwords directly. SRP will be relevant when browsers bake it in.