forked from wwu-wombats/wombat
-
Notifications
You must be signed in to change notification settings - Fork 0
/
encryption_spec.txt
16 lines (11 loc) · 1.07 KB
/
encryption_spec.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
For client side web hashing, use Crypto-js. The password will be hashed using PBKDF2 with 500 rounds, keysize of 256/32, sha256.
The file you are sending/recieving will be encrypted/decrypted using AES and the keysize will be 256.
the AES key will be generated by PBKDF2 with 1000 rounds and keysize of 256/32 on the user password, sha256.
For server side password checking the sent password(the hash of the user password) will be hashed using bcrypt from the bcrypt python library. The number for the gensalt will be 15.
for client side desktop app the password will be hashed using PBKDF with 500 round, keysize of 256/32, sha256.
encrypting/decrypting the file being sent/recieved from the server will be with AES and the keysize will be 256, sha256.
the AES key will be generated by PBKDF2 with 1000 rounds and keysize of 256/32 on the user password, sha256.
******IMPORTANT******
make sure the salt is 'wombat'
*****TODO*****
check to see if Crypto-js and the encryption/hashing libraries we use for the desktop app play nice with eachother and make the same hashes from the same input.