Submitted by Giulio Cesare on 14 May, 2007 - 15:06.
The short answer is “no”.
The long answer is too long to tell in a comment, but I will try to point out the main elements:
- we use the SRP protocol to authenticate Clipperz’s users; this protocol works without ever sending the password to the server, neither for registration nor for authentication;
- we don’t even use your straight passphrase for the SRP protocol, just as a second level of protection [1]
If you are interested in more details, please join our discussion group
[1] the full formula is srp_password = sha-d256(passphrase + username); you can find it in the source file src/js/Clipperz/PM/Connection.js, at line 503
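
The flow described in this comment, as an added sketch that is not Clipperz's code: the passphrase is hashed with the username, a verifier is derived from that hash at registration, and login proves knowledge of it without the passphrase crossing the wire. It assumes SHA-d256 means SHA-256 applied twice, UTF-8 input and hex output, SRP-6a style equations, and a toy 127-bit modulus; all function names are hypothetical.

```javascript
// Added illustration, not Clipperz source. Assumptions: UTF-8 input, hex output,
// SHA-d256(m) = SHA-256(SHA-256(m)), SRP-6a style equations, toy-sized group.
const { createHash, randomBytes } = require('node:crypto');

const sha256 = (buf) => createHash('sha256').update(buf).digest();
const shaD256 = (text) => sha256(sha256(Buffer.from(text, 'utf8'))).toString('hex');
// Formula from the comment: srp_password = sha-d256(passphrase + username)
const srpPassword = (passphrase, username) => shaD256(passphrase + username);

const N = (1n << 127n) - 1n; // toy prime modulus, constructed for the demo only
const g = 3n;                // real SRP deployments use a 2048-bit or larger group
const H = (...parts) => BigInt('0x' + sha256(Buffer.from(parts.join(':'))).toString('hex'));
const rand = () => BigInt('0x' + randomBytes(16).toString('hex')) % N;
const mod = (x) => ((x % N) + N) % N;
function modPow(base, exp) {
  let result = 1n;
  for (base = mod(base); exp > 0n; exp >>= 1n, base = (base * base) % N) {
    if (exp & 1n) result = (result * base) % N;
  }
  return result;
}
const k = H(N, g);

// Registration: the browser sends only {username, salt, verifier} to the server.
function register(username, passphrase) {
  const salt = randomBytes(16).toString('hex');
  const x = H(salt, srpPassword(passphrase, username));
  return { username, salt, verifier: modPow(g, x) };
}

// Login: returns the session key each side derives. The keys match only when the
// passphrase typed now is the one used at registration. Only A, B, salt are sent.
function login(record, passphrase) {
  const a = rand(), A = modPow(g, a);                             // client -> server
  const b = rand(), B = mod(k * record.verifier + modPow(g, b));  // server -> client
  const u = H(A, B);
  const x = H(record.salt, srpPassword(passphrase, record.username));
  const clientS = modPow(B - k * modPow(g, x), a + u * x);
  const serverS = modPow(A * modPow(record.verifier, u), b);
  return { clientKey: H(clientS), serverKey: H(serverS), wire: { A, B, salt: record.salt } };
}
```
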
Re: Local vs server password