Notes for auditor.

server/client.go

@@ -12,6 +12,12 @@ import (
 
 // Thanks to Standard Notes. See:
 // https://docs.standardnotes.com/specification/encryption/
+//
+// Auditor: I don't really understand how this system exactly works, and if
+// I'm doing it right here, given that I don't understand it. In particular:
+// Email address isn't sufficient for a secure salt, but it *is* somehow
+// sufficient to keep the server from lying to us about passing the seed
+// between clients? Is that the idea?
 
 type ClientSaltSeedResponse struct {
 	ClientSaltSeed auth.ClientSaltSeed `json:"clientSaltSeed"`

test_client/test_client.py

@@ -318,6 +318,10 @@ class Client():
   def register(self):
     # Note that for each registration, i.e. for each domain, we generate a
     # different salt seed.
+    #
+    # Auditor - Does changing salt seed here cover the threat of sync servers
+    # guessing the password of the same user on another sync server? It should
+    # be a new seed if it's a new server.
 
     self.salt_seed = generate_salt_seed()
     self.lbry_id_password, self.sync_password, self.hmac_key = derive_secrets(
@@ -514,6 +518,7 @@ class Client():
     # update that as well so that the sync password and hmac key are derived
     # from the same root password as the lbry id password.
 
+    # Auditor - Should we be generating a *new* seed for every password change?
     self.salt_seed = generate_salt_seed()
     new_lbry_id_password, new_sync_password, new_hmac_key = derive_secrets(
       new_root_password, self.email, self.salt_seed)