BrowserID Key Wrapping: Difference between revisions

Line 46: Line 46:
=== User Key ===
=== User Key ===


BrowserID generates a new key for each email address it verifies. We call this the user key UK. BrowserID encrypts UK with a password-key (PWK) derived from the user's password. When the user changes their password, UK is unwrapped and rewrapped appropriately with a new PWK'. If the user loses their password completely, in the current specification, UK is unrecoverable and may as well be deleted.
BrowserID generates a new key for each email address it verifies. We call this the user key UK. BrowserID wraps UK with a password-key (PWK) tagged <tt>keytype=user</tt>. PWK is derived from the user's password using PBDKF2. When the user changes their password, UK is unwrapped and rewrapped appropriately with a new PWK'. If the user loses their password completely, in the current specification, UK is unrecoverable and may as well be deleted.


[[Image:Browserid-userkeys.png]]
[[Image:Browserid-userkeys.png]]
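
Review bot: The new sentence in the revised User Key paragraph misspells the key-derivation function as "PBDKF2"; it should read "PBKDF2". That sentence names the KDF but gives no salt, iteration count or underlying hash, so the derivation of PWK is underspecified; state those parameters here or point to the section that defines them. It is also ambiguous whether <tt>keytype=user</tt> tags PWK or the wrapped UK in "wraps UK with a password-key (PWK) tagged keytype=user"; reword so it is clear which object carries the tag.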