Notes for auditor.
parent aefda1245b
commit 4f8a648cc4
2 changed files with 11 additions and 0 deletions
|
@ -12,6 +12,12 @@ import (
|
|||
|
||||
// Thanks to Standard Notes. See:
|
||||
// https://docs.standardnotes.com/specification/encryption/
|
||||
//
|
||||
// Auditor: I don't really understand how this system exactly works, and if
|
||||
// I'm doing it right here, given that I don't understand it. In particular:
|
||||
// Email address isn't sufficient for a secure salt, but it *is* somehow
|
||||
// sufficient to keep the server from lying to us about passing the seed
|
||||
// between clients? Is that the idea?
|
||||
|
||||
type ClientSaltSeedResponse struct {
|
||||
ClientSaltSeed auth.ClientSaltSeed `json:"clientSaltSeed"`
|
||||
|
|
|
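Review bot: The "Auditor:" comment above ClientSaltSeedResponse leaves the purpose of the seed as an open question, so a reader cannot tell what the endpoint is supposed to guarantee. It asks whether the email address keeps the server from lying about the seed, but nothing in this hunk shows the client checking the returned ClientSaltSeed against anything. Suggest replacing the question with a short statement of the intended design: what the seed is combined with, who is trusted to store it, and what the client does if the server returns a wrong or substituted seed. The open question itself is better tracked in an issue or audit document than in a source comment, and the marker should match the "Auditor -" form used in the Python client so the notes can be found with one search.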
@ -318,6 +318,10 @@ class Client():
|
|||
def register(self):
|
||||
# Note that for each registration, i.e. for each domain, we generate a
|
||||
# different salt seed.
|
||||
#
|
||||
# Auditor - Does changing salt seed here cover the threat of sync servers
|
||||
# guessing the password of the same user on another sync server? It should
|
||||
# be a new seed if it's a new server.
|
||||
|
||||
self.salt_seed = generate_salt_seed()
|
||||
self.lbry_id_password, self.sync_password, self.hmac_key = derive_secrets(
|
||||
|
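Review bot: The "Auditor -" comment in register() asks whether a per-registration seed stops one sync server from guessing the user's password on another, but it does not say what that would rely on. A fresh value from generate_salt_seed() makes the derived secrets differ between servers, so a value learned on one server cannot be replayed on another. It does not by itself stop a server that holds the seed and a derived value from testing password guesses offline. That depends on the cost of the derivation inside derive_secrets, which is not visible here. Suggest the comment state both points, and also state the requirement that generate_salt_seed() returns fresh random output on every call, since the "different salt seed" claim in the existing comment rests on it.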
@ -514,6 +518,7 @@ class Client():
|
|||
# update that as well so that the sync password and hmac key are derived
|
||||
# from the same root password as the lbry id password.
|
||||
|
||||
# Auditor - Should we be generating a *new* seed for every password change?
|
||||
self.salt_seed = generate_salt_seed()
|
||||
new_lbry_id_password, new_sync_password, new_hmac_key = derive_secrets(
|
||||
new_root_password, self.email, self.salt_seed)
|
||||
|
|
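Review bot: In the password-change path, self.salt_seed is overwritten before the new secrets are derived, while the derived values go into new_lbry_id_password, new_sync_password and new_hmac_key locals. If any later step in this method can fail, the client is left holding a seed that no longer matches the secrets derived from the old password. Suggest generating into a local such as new_salt_seed, passing that to derive_secrets, and assigning self.salt_seed at the same point the other new_ values are committed. The "Auditor -" question should also be turned into a statement of the decision (a new seed on every password change, or not) and of how other clients learn the new seed.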