Changes


Identity/AttachedServices/KeyServerProtocol

251 bytes added, 03:27, 10 July 2013
Creating the Account: fetch kA/wrap(kB) after creation, instead of supplying them during creation
* decide upon a stretchSalt (remembering this should be unique, but is not secret)
* decide upon SRP parameters (generally fixed)
* perform key-stretching, derive masterKey* create kA and kB, combining entropy from the local OS with more from the keyserver's getEntropy()* create wrap(kB), using unwrapKey (derived from masterKey)srpPW and wrapKey
* create srpVerifier, using srpPW and the SRP parameters
* deliver many values to the keyserver: parameters for stretching and SRP, kA, wrap(kB)salts, and the srpVerifier
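Review bot: the key-stretching bullet has the removed and added text run together ("derive masterKey* create kA and kB ... (derived from masterKey)srpPW and wrapKey"); per the edit summary the surviving bullet should read "perform key-stretching, derive srpPW and wrapKey", the "create kA and kB" and "create wrap(kB)" bullets are gone, and the delivery bullet should read "parameters for stretching and SRP, salts, and the srpVerifier". While here, say how srpPW and wrapKey are derived from the stretched output (distinct labels or a KDF with domain separation) and give wrapKey's length: the client later unwraps a 256-bit wrap(kB) by XOR, so wrapKey must be exactly 256 bits and must not be computable from srpPW, which reaches the server in verifier form.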
The server, when creating a new account, creates both kA and wrap(kB) as randomly-generated 256-bit strings. It stores these, along with all the remaining values, in the account table where they can be retrieved by getToken later.
 
After creating the account, the client immediately runs getToken("sign") to fetch kA and wrap(kB). It then unwraps wrap(kB) by XORing it with wrapKey to obtain kB.
= Crypto Notes =
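Review bot: the new paragraphs silently move all entropy for kA and kB to the server (the removed bullet combined local OS entropy with getEntropy()); state that explicitly, since the client now depends entirely on the keyserver's RNG, and spell out that kB is defined as wrap(kB) XOR wrapKey with wrap(kB) a server-chosen uniformly random 256-bit string, so kB is secret only to the extent wrapKey is. XOR wrapping also carries no integrity: anyone able to alter the getToken("sign") response can flip chosen bits of kB undetected, so either add an integrity check over wrap(kB) on the client or state that the transport's authentication is relied upon for it. Finally, getToken("sign") is used here before being introduced; say how that first call is authenticated, given the account was created a moment earlier and the client holds no token yet.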