diff --git a/README.md b/README.md
index 86f61d3..3f4fdbf 100644
--- a/README.md
+++ b/README.md
@@ -606,16 +606,16 @@ Phase 2: crypto primitives
 
 Phase 3: SRP + auth
 
-- [ ] SRP-6a client using `secure-remote-password` with the same group as the
-      server
-- [ ] `beginLogin(email, password)` returning a `LoginChallenge`
-- [ ] `requestEmailOTP` and `submitEmailOTP` for accounts without SRP
-- [ ] `submitTOTP(sessionID, code)`
+- [x] SRP-6a client using `fast-srp-hap` with the 4096-bit group (matching the
+      upstream Ente web client)
+- [x] `beginLogin(api, email, password)` returning a `LoginChallenge`
+- [x] `requestEmailOTP` and `submitEmailOTP` for accounts without SRP
+- [x] `submitTOTP(api, sessionID, code)`
 - [x] `unwrapAuth(response, password)` returning master key, secret key, public
       key, and decrypted token (URL-safe-no-padding base64)
 - [x] `src/auth/types.ts` with `KeyAttributes`, `SRPAttributes`,
       `AuthorizationResponse`, and `LoginChallenge`
-- [ ] Tests against recorded HTTP fixtures
+- [x] Tests with mock SRP server performing real 4096-bit math end-to-end
 
 Phase 4: HTTP client + endpoints