From 07ab1498e712c4b010069f9e82b3f476ac9fb193 Mon Sep 17 00:00:00 2001 From: Kevin F Date: Sat, 31 Dec 2022 00:37:44 -0600 Subject: [PATCH] Updated Authentication to describe the change from uuid --- security/Authentication.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/security/Authentication.md b/security/Authentication.md index b0caab4..0957dcf 100644 --- a/security/Authentication.md +++ b/security/Authentication.md @@ -3,10 +3,11 @@ Keyboarding is a very sensitive activity, so this app naturally needs to encrypt and authenticate connections. All connections are encrypted using an external TLS proxy (e.g. [Caddy](https://caddyserver.com)) outside the -scope of this project, but we perform application level authentication using two -randomly generated UUIDv4s in a manner similar to a passphrase. @{token generation} +scope of this project. -We hash the token using sha3-256 to avoid accidentally exposing the token to a +We perform application level authentication using the system random device. @{token generation} + +We hash the 32 byte token using sha3-256 to avoid accidentally exposing the token to a readonly attacker. Since the token is very high entropy, we do not need a salt or KDF.
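Review bot: The added sentence "We perform application level authentication using the system random device." names the source of randomness but no longer says what the credential is. The 32 byte length only appears in the following paragraph, and that paragraph's claim that no salt or KDF is needed holds only if every byte of the token comes from a cryptographically secure source. Suggest wording such as "We perform application level authentication using a 32 byte token read from the system random device", and naming the device or API meant by "system random device" so the entropy claim can be checked against @{token generation}. As a style point, the new "We hash the 32 byte token ..." line is longer than the wrap width of the surrounding lines and should be re-wrapped.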