The protocol involves interacting with Pythia service which cryptographically transforms user password into a cryptographically strong pseudo-random value using strong server secret. This value is impossible to obtain without both client and Pythia service.

Did this answer your question?