kev/gosmartkeyboard
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated Authentication to describe the change from uuid

Browse Source
This commit is contained in:
Kevin F 2022-12-31 00:37:44 -06:00
parent 46de195bf8
commit 07ab1498e7
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
security/Authentication.md
View File

@ -3,10 +3,11 @@
Keyboarding is a very sensitive activity, so this app naturally needs to encrypt and authenticate connections.
All connections are encrypted using an external TLS proxy (e.g. [Caddy](https://caddyserver.com)) outside the
scope of this project, but we perform application level authentication using two
randomly generated UUIDv4s in a manner similar to a passphrase. @{token generation}
scope of this project.
We hash the token using sha3-256 to avoid accidentally exposing the token to a
We perform application level authentication using the system random device. @{token generation}
We hash the 32 byte token using sha3-256 to avoid accidentally exposing the token to a
readonly attacker. Since the token is very high entropy, we do not need a salt or
KDF.