Identity/AttachedServices/KeyServerProtocol

1 byte added, 23:20, 21 June 2013
Client-Side Key Stretching
[[File:PICL-IdPAuth-stretch-KDF.png|Stretching KDF]]
A later version of the protocol will replace this with the PBKDF2+scrypt+PBKDF2 construction described in [[Identity/CryptoIdeas/01-PBKDF-scrypt]]. This stretching is expected to take a second or two. The client can optimistically start this process with default parameters before receiving the getSignToken1() response, then check afterwards that it used the right parameters (repeating the operation if not). (We'll want to build the stretching function with periodic checkpoints so that we don't lose all progress if the parameters turn out to be wrong.) The "stretchSalt" is added *after* the stretching, to enable this parallelism (at a tiny cost in security).
After "masterKey" is derived, a second HKDF call is used to derive "unwrapKey" and "srpPW" which will be used later.
[[File:PICL-IdPAuth-main-KDF.png|masterKey KDF]]
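The following Python script is an added illustration of the two paragraphs above, not code from the PICL project or this wiki page. It chains PBKDF2, scrypt and PBKDF2 (the later-version construction), keeps per-stage checkpoints so a rerun with different server parameters only redoes the stages whose inputs changed, mixes in "stretchSalt" after stretching via HKDF to get "masterKey", and then runs a second HKDF to split out "unwrapKey" and "srpPW". The stage salts, HKDF info labels, default parameter values, SHA-256 as the HKDF hash, and the `optimistic_login` flow are all assumptions chosen for the example; the real protocol's values are not given on this page.

```python
import hashlib
import hmac

# Constructed for this example: the wiki does not specify these salts, labels or sizes.
STAGE_SALTS = (b"example-stretch-1", b"example-stretch-2", b"example-stretch-3")
DEFAULT_PARAMS = {"pbkdf2_rounds": 2000, "scrypt_n": 2 ** 10, "scrypt_r": 8, "scrypt_p": 1}


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step with HMAC-SHA256 (an empty salt behaves as HashLen zeros)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def stretch(password: bytes, params: dict, cache: dict) -> bytes:
    """PBKDF2 -> scrypt -> PBKDF2 with a checkpoint after each stage.

    `cache` (one per password attempt) maps (stage, parameters-so-far) to that stage's
    output, so if the server's parameters differ only in a later stage, the earlier
    stages are reused instead of recomputed. This is an illustration of the page's
    'periodic checkpoints' idea, not the project's actual mechanism.
    """
    key1 = ("pbkdf2a", params["pbkdf2_rounds"])
    if key1 not in cache:
        cache[key1] = hashlib.pbkdf2_hmac("sha256", password, STAGE_SALTS[0],
                                          params["pbkdf2_rounds"], 32)
    key2 = key1 + ("scrypt", params["scrypt_n"], params["scrypt_r"], params["scrypt_p"])
    if key2 not in cache:
        cache[key2] = hashlib.scrypt(cache[key1], salt=STAGE_SALTS[1], n=params["scrypt_n"],
                                     r=params["scrypt_r"], p=params["scrypt_p"], dklen=32)
    key3 = key2 + ("pbkdf2b", params["pbkdf2_rounds"])
    if key3 not in cache:
        cache[key3] = hashlib.pbkdf2_hmac("sha256", cache[key2], STAGE_SALTS[2],
                                          params["pbkdf2_rounds"], 32)
    return cache[key3]


def derive_keys(password: bytes, params: dict, stretch_salt: bytes, cache: dict) -> dict:
    """stretchSalt enters only after stretching (first HKDF); the second HKDF derives
    unwrapKey and srpPW from masterKey, as the page describes."""
    stretched = stretch(password, params, cache)
    master_key = hkdf(stretched, salt=stretch_salt, info=b"masterKey", length=32)
    okm = hkdf(master_key, salt=b"", info=b"unwrapKey+srpPW", length=64)
    return {"masterKey": master_key, "unwrapKey": okm[:32], "srpPW": okm[32:]}


def optimistic_login(password: bytes, server_params: dict, stretch_salt: bytes):
    """Client flow: stretch with DEFAULT_PARAMS before the getSignToken1() response
    arrives, then derive with the server's parameters, redoing only what changed.
    Returns (keys, whether a rerun was needed, number of checkpointed stages)."""
    cache: dict = {}
    stretch(password, DEFAULT_PARAMS, cache)          # speculative work
    recomputed = server_params != DEFAULT_PARAMS      # parameter check afterwards
    keys = derive_keys(password, server_params, stretch_salt, cache)
    return keys, recomputed, len(cache)


if __name__ == "__main__":
    keys, rerun, stages = optimistic_login(b"correct horse", DEFAULT_PARAMS, b"server-salt")
    print("rerun needed:", rerun, "stages cached:", stages)
    print("srpPW:", keys["srpPW"].hex())
```

Because stretchSalt is applied only in the cheap HKDF step, the client can do the expensive stretching before it knows the salt; the trade-off the page mentions is that the stretching itself is then salted only by the fixed stage salts, not by a per-user value.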
 
=== Client-Side SRP Calculation ===