> On 18 apr. 2015, at 11:59, Thijs Alkemade <th...@xnyhps.nl> wrote: > > >> On 18 apr. 2015, at 11:42, Georg Lukas <ge...@op-co.de> wrote: >> >> 1. When a user logs in for the first time, an asymmetric keypair is >> created (I was thinking of Curve25519, where key creation is almost >> free). The private key is encrypted with a key derived from the user >> password / SASL state (https://www.zash.se/mod_storage_encfs.lua.html is >> a PoC for that). >> >> 2. All data that is stored for the user is encrypted with their public >> key and appended to their "container". > > What do you mean with “SASL state”? All of the data the server has after a > SCRAM-SHA-1 exchange is either a) stored on the server, b) session specific. > You can’t derive a key from that which the server could not derive on its own.
Zash pointed out to me that I was wrong. The ClientKey does not change between sessions, is not stored on the server (during normal operation) and the server does compute it during login. It could be used to derive a key. Thijs
signature.asc
Description: Message signed with OpenPGP using GPGMail
