Confirmed users
471
edits
Identity/CryptoIdeas/01-PBKDF-scrypt: Difference between revisions
→Protocol Diagram
| Line 349: | Line 349: | ||
== Protocol Diagram == | == Protocol Diagram == | ||
The following PDF diagrams contains complete details on several variants of | |||
including how the salts are generated, and the client/server messages that | the protocol, including how the salts are generated, and the client/server | ||
are exchanged | messages that are exchanged. | ||
* [[media:Keywrapping-details-anon-noSRP.pdf|anonymous data, no SRP]] | |||
* [[media:Keywrapping-details-anon-SRP.pdf|anonymous data, yes SRP]] | |||
* [[media:Keywrapping-details-email-SRP.pdf|email-indexed data, yes SRP]] | |||
In each document, the first page describes the basic KDF operation and the | |||
"init" message which establishes or retrieves the user's SRP verifier or (for | |||
the non-SRP case) their "S2" selection index and "S3" shared secret. The | |||
second page shows how SRP or S2+S3 are used to perform protected requests. | |||
The third page shows the "get" and "set" protected requests. The final page | |||
shows the "change password" request (which combines a "get" request, to fetch | |||
the UK, then uses a new "change" message to replace the stored data with a | |||
re-encrypted row). There is also a "delete data" request that is similar for | |||
all variants. | |||
The anonymous-data forms never reveal the user's email address to the server, | |||
which somewhat increases an attacker's costs, but prevents account-based | |||
rate-limiting of online attacks. In all cases the "TOFU" window exists only | |||
during the init phase: once that setup has been performed, all subsequent | |||
messages could safely be sent in the clear. | |||
== Updates / Discussion == | == Updates / Discussion == | ||