668
edits
BrowserID Key Wrapping: Difference between revisions
→Architecture
| Line 35: | Line 35: | ||
== Architecture == | == Architecture == | ||
BrowserID generates a new key for each email address it verifies. We call this the user key. | |||
BrowserID wraps this user key with a password-key derived from the user's password. When the user changes their password, the user-key is unwrapped and rewrapped appropriately. If the user loses their password completely, in the current specification, the user-key is unrecoverable and may as well be deleted. | |||
[diagram of wrapped keys] | |||
== Security Considerations == | == Security Considerations == | ||
== Further Work == | == Further Work == | ||