Changes

Identity/AttachedServices/KeyServerProtocol

775 bytes added, 00:36, 28 June 2013
m
add account-creating stub
The current stub just submits (newPassword, wrap(kB), resetToken). This will be replaced soon.
 
= Creating the Account =
 
To create the account in the first place, the client starts with email+password, then does the following steps:
 
* decide upon stretching parameters (perhaps consulting the keyserver for recommendations, but imposing a minimum strength requirement)
* decide upon a stretchSalt (remembering this should be unique, but is not secret)
* decide upon SRP parameters (generally fixed)
* perform key-stretching, derive masterKey
* create kA and kB, combining entropy from the local OS with more from the keyserver's getEntropy()
* create wrap(kB), using unwrapKey (derived from masterKey)
* create srpVerifier, using srpPW and the SRP parameters
* deliver many values to the keyserver: parameters for stretching and SRP, kA, wrap(kB), and the srpVerifier
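Review bot: the final bullet lists what is delivered to the keyserver but never names stretchSalt, even though the second bullet has the client choose it; say explicitly whether "parameters for stretching" includes the salt. In the srpVerifier bullet, srpPW appears without a derivation, while unwrapKey in the bullet above it is stated as "derived from masterKey"; give srpPW the same treatment. It would also help to state why kA is delivered as-is while kB is delivered only as wrap(kB), and what the client does when the keyserver's recommended stretching parameters fall below its minimum strength requirement.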