Confirmed users
471
edits
Identity/CryptoIdeas/03-ID-Attached-Data: Difference between revisions
Jump to navigation
Jump to search
m
Identity/CryptoIdeas/03-ID-Attached-Data (view source)
Revision as of 01:27, 7 June 2013
, 7 June 2013clarify that kB is client-generated
m (clarify that kB is client-generated) |
|||
| Line 83: | Line 83: | ||
used in a "key retrieval" step (probably using SRP) to safely obtain a | used in a "key retrieval" step (probably using SRP) to safely obtain a | ||
wrapped copy of "kB", which is then unwrapped with a different derivative of | wrapped copy of "kB", which is then unwrapped with a different derivative of | ||
the master key. The key retrieval step can use shared | the master key. The key retrieval step can use the shared session key to | ||
eavesdroppers (even those who break TLS) from learning anything about the | prevent eavesdroppers (even those who break TLS) from learning anything about | ||
password or kB. | the password or kB. This kB is a full-strength random key, created on the | ||
client, and never revealed (except in wrapped form) to the Key Server. As a | |||
result, class-B data is fully protected against everyone but the Key Server, | |||
and even the Key Server only gets a brute-force attack against the user's | |||
master password. | |||
[[File:PICL-03-setup-password.png|Setup With Password]] | [[File:PICL-03-setup-password.png|Setup With Password]] | ||