This repository has been archived by the owner on Apr 3, 2019. It is now read-only.

History / onepw protocol

Revisions

  • Updated onepw protocol (markdown)

    @rfk rfk committed Nov 25, 2015
  • Updated onepw protocol (markdown)

    @rfk rfk committed Oct 14, 2015
  • Updated onepw protocol (markdown)

    @rfk rfk committed Oct 14, 2015
  • Typo

    @renoirb renoirb committed May 30, 2014
  • update HAWK options.payload=true explanation

    @warner warner committed Mar 21, 2014
  • evil server == TLS-breaking MitM attacker

    @warner warner committed Feb 26, 2014
  • Adding password re-use to the "vs. old-Sync" section.

    @seanieb seanieb committed Feb 8, 2014
  • allow /account/create to return sessionToken/keyFetchToken

    @warner warner committed Jan 21, 2014
  • expand on consequences of no-MAC-on-keys, for Sync

    @warner warner committed Jan 21, 2014
  • account-reset is web-based: code is no longer transcribed

    @warner warner committed Jan 21, 2014
  • persona -> browserid rename to be more clear it's the proto we're using.

    @vmunix vmunix committed Jan 14, 2014
  • more attempts to fix the link

    @warner warner committed Jan 7, 2014
  • fix link

    @warner warner committed Jan 7, 2014
  • add link to fetching-sync-keys

    @warner warner committed Jan 7, 2014
  • add Extensions section on changing the client-side stretch parameters

    @warner warner committed Jan 6, 2014
  • update security analysis, two-pw/pairing extensions

    @warner warner committed Jan 4, 2014
  • rename the /account/login "sync_keys=true" option to just "keys=true"

    @warner warner committed Jan 3, 2014
  • clarify reset/changepw flow: kA remains the same

    @warner warner committed Jan 3, 2014
  • update test vectors

    @warner warner committed Jan 3, 2014
  • remove stretchWrap, use wrap(wrap(kB))

    @warner warner committed Jan 2, 2014
  • add HKDF details, s/forgotPasswordToken/passwordForgotToken/ We figured it was more important to match the API name (/v1/password/forgot/*, which is sort of big-endian), even though grammatically the token name would read better as "forgotPasswordToken" (which is sort of little-endian). The specific place that needs to match is the purpose/CTXinfo string passed into HKDF when using this token to produce HAWK keys.

    @warner warner committed Dec 21, 2013
  • update notes on use of keyFetchToken

    @warner warner committed Dec 20, 2013
  • update endpoint-delta section

    @warner warner committed Dec 18, 2013
  • rename /auth/password to /account/login and login_and_get_keys

    @warner warner committed Dec 18, 2013
  • add test vectors

    @warner warner committed Dec 18, 2013
  • add delta from old protocol, note about account-mode

    @warner warner committed Dec 18, 2013
  • more notes

    @warner warner committed Dec 17, 2013
  • more updates

    @warner warner committed Dec 17, 2013
  • update protocol-summary and typical-client-flows

    @warner warner committed Dec 17, 2013
  • nope, that image was wrong

    @warner warner committed Dec 17, 2013