Updated Authentication to describe the change from uuid
This commit is contained in:
parent
46de195bf8
commit
07ab1498e7
@ -3,10 +3,11 @@
|
|||||||
Keyboarding is a very sensitive activity, so this app naturally needs to encrypt and authenticate connections.
|
Keyboarding is a very sensitive activity, so this app naturally needs to encrypt and authenticate connections.
|
||||||
|
|
||||||
All connections are encrypted using an external TLS proxy (e.g. [Caddy](https://caddyserver.com)) outside the
|
All connections are encrypted using an external TLS proxy (e.g. [Caddy](https://caddyserver.com)) outside the
|
||||||
scope of this project, but we perform application level authentication using two
|
scope of this project.
|
||||||
randomly generated UUIDv4s in a manner similar to a passphrase. @{token generation}
|
|
||||||
|
|
||||||
We hash the token using sha3-256 to avoid accidentally exposing the token to a
|
We perform application level authentication using the system random device. @{token generation}
|
||||||
|
|
||||||
|
We hash the 32 byte token using sha3-256 to avoid accidentally exposing the token to a
|
||||||
readonly attacker. Since the token is very high entropy, we do not need a salt or
|
readonly attacker. Since the token is very high entropy, we do not need a salt or
|
||||||
KDF.
|
KDF.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user