by porcellus
3284 days ago
We are working on a fully detailed whitepaper; meanwhile, you can read about some of this in our documentation. Here is some clarification:
The user password is critical, because we need some kind of secret from the user, as we want them to be able to log in from multiple devices.
The password requirements are entirely application dependent, we don't handle them: we provide feedback based on zxcvbn that the app can use to judge password strength.
Regarding KDFs: the user password is first stretched using scrypt, then we use PBKDF2 to derive different keys for a few different uses. These keys are used to encrypt the user profile (which is just a collection of generated keys) before storing it on the server.
The keys derived from the user password won't travel to the server, they never leave the client, only data encrypted by them does. This data is mostly just other keys, we don't store any user data.
We use AES GCM-256.
Most keys are 32 bytes, for asymmetric key exchange we use the X25519 curve.
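The chain described in the comment above (scrypt stretch, PBKDF2 per-purpose keys, AES-256-GCM over the profile), as an added Node.js example that is not the commenter's or the product's code. The scrypt parameters, the PBKDF2 hash and iteration count, the purpose labels and the salt handling are all assumptions made for illustration.

```javascript
// Added illustration: parameters, labels and salt handling are assumed, not the product's.
const nodeCrypto = require('node:crypto');

// Step 1: stretch the password with scrypt (memory-hard). N/r/p are assumed values.
function stretchPassword(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Step 2: derive one 32-byte key per purpose with PBKDF2, keyed by a purpose label.
// The label strings, SHA-256 and the single iteration are assumptions; the work
// factor in this sketch is carried by the scrypt step.
function deriveKey(stretched, label) {
  return nodeCrypto.pbkdf2Sync(stretched, label, 1, 32, 'sha256');
}

// Step 3: encrypt the profile (a bundle of generated keys) with AES-256-GCM.
// Only the returned iv/ct/tag would be stored server-side; the key stays local.
function sealProfile(profile, key) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(profile), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt and authenticate; final() throws if the key or ciphertext is wrong.
function openProfile(blob, key) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ct), decipher.final()]);
}

// A second device: same password + stored salt -> same key -> profile opens.
// A wrong password yields a different key and the GCM tag check fails.
function unlock(password, salt, blob) {
  const key = deriveKey(stretchPassword(password, salt), 'profile-encryption');
  try {
    return openProfile(blob, key);
  } catch {
    return null;
  }
}
```
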