by stan_rogers
4711 days ago
Trivia note: this is, in a nutshell, how the Lotus/IBM Notes ID works. The password is used in a KDF to generate a key, which in turn decrypts the user's private key (and certain other credentials, along with symmetric secret keys for shared encrypted documents). Success/failure is determined solely by the successful decryption of known bytes in the encrypted package. Other info (the user's public key, identity and certifier, all signed) is maintained in the clear and can be easily and safely exported and may be "trusted" for authentication with remote machines. There is a "password recovery" system as well (it doesn't actually recover the password, but allows a reset), requiring cooperation of two or more admins¹ (in a Shamir-type arrangement) so that previously-encrypted user data will not be lost.

¹ There is the option to use a single admin, but there are great big warning signs and scary red boxes all over that section of the doco. It's something you'd only use in a solo shop (as a Notes ISV or a Domino web dev).
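A sketch of the unlock scheme the comment above describes, added here as an example and not part of the original comment or of any IBM code: the password feeds a KDF, the derived key decrypts the package, and the only password check is whether known bytes appear in the plaintext. The names `seal` and `unlock`, the `MAGIC` marker, the iteration count and the HMAC-based keystream (a stand-in cipher, since the Python standard library has no AES) are all assumptions, not the Notes ID format.

```python
import hashlib
import hmac
import os

MAGIC = b"ID-PACKAGE-V1"   # known bytes; constructed marker, not the real Notes format
ITERATIONS = 200_000       # assumed PBKDF2 work factor for this sketch


def _keystream(key: bytes, n: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode. A real design would use an AEAD.
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _xor(data: bytes, key: bytes) -> bytes:
    # XOR with the keystream; the same call encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def seal(password: str, private_key: bytes, public_info: dict) -> dict:
    salt = os.urandom(16)  # fresh salt, so each package gets its own derived key
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {
        "public": public_info,                   # stays in the clear, safe to export
        "salt": salt,
        "blob": _xor(MAGIC + private_key, key),  # known bytes precede the secret
    }


def unlock(password: str, package: dict):
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), package["salt"], ITERATIONS)
    plain = _xor(package["blob"], key)
    # No stored password hash: success is decided only by the known bytes.
    if not hmac.compare_digest(plain[:len(MAGIC)], MAGIC):
        return None
    return plain[len(MAGIC):]
```

Because the keystream stand-in is unauthenticated, this sketch detects a wrong password but not tampering with the rest of the blob.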