!NasysSDfxKxZBzJJoE:matrix.org

#matrix-spec

99 Members, 59 Servers

Topic: Discussion of specific Matrix Spec Change proposals | https://matrix.org/docs/spec/proposals | Design draft folder at: https://drive.google.com/drive/folders/0B4wHq8qP86r2ck15MHEwMmlNVUk

9 Apr 2020
19:13:15 Mathijs (@mathijs:matrix.vgorcum.com): but I may be missing something clever :P
19:13:17 uhoreg (@hubert:uhoreg.ca)
  [in reply to @mathijs:matrix.vgorcum.com: "would you want some kind of deterministic KDF from the password, or would you somehow want to transport the private key to a new device upon login?"]
  Some kind of deterministic KDF, probably similar to SSSS (and probably reusing as much of it as possible)
19:14:07 Mathijs (@mathijs:matrix.vgorcum.com): I see, that makes sense
19:14:55 Mathijs (@mathijs:matrix.vgorcum.com): what does SSSS actually use?
19:17:54 uhoreg (@hubert:uhoreg.ca): It uses PBKDF2 to generate an initial key and HKDF (with SHA-256 I think) to generate other keys. I considered argon instead of PBKDF2, but argon doesn't have as much support yet (in particular, webcrypto doesn't support it).
19:23:00 Mathijs (@mathijs:matrix.vgorcum.com): I see
19:23:08 Mathijs (@mathijs:matrix.vgorcum.com): thanks for taking the time to explain
19:29:55 Mathijs (@mathijs:matrix.vgorcum.com): actually: what is used for the salt in pbkdf2?
19:30:07 * Mathijs (@mathijs:matrix.vgorcum.com) should probably just read the msc
19:31:35 uhoreg (@hubert:uhoreg.ca): The salt is random, and stored in the SSSS key info
19:32:17 Mathijs (@mathijs:matrix.vgorcum.com): I see, so you fetch that from the server
19:32:41 uhoreg (@hubert:uhoreg.ca)
  [in reply to * @mathijs:matrix.vgorcum.com: "should probably just read the msc"]
  FYI, the MSC in the repo is a bit outdated. The latest version is in https://github.com/matrix-org/matrix-doc/pull/2472
19:32:58 Mathijs (@mathijs:matrix.vgorcum.com): ty 👍️
19:33:49 Mathijs (@mathijs:matrix.vgorcum.com): oh, yeah, I read you switched to a symmetric encryption method
19:35:54 Mathijs (@mathijs:matrix.vgorcum.com): have you had any thoughts about a salt for using this as a login method?
19:36:11 Mathijs (@mathijs:matrix.vgorcum.com): fetch a salt from the server when trying to login based on username?
19:42:21 Mathijs (@mathijs:matrix.vgorcum.com): downside is that you need an extra roundtrip when filling in the username
19:42:38 Mathijs (@mathijs:matrix.vgorcum.com): though I guess we also already do the well-known lookup, so what's another roundtrip
20:07:26 uhoreg (@hubert:uhoreg.ca): I've thought about it briefly, but haven't tried to figure out any details yet.
10 Apr 2020
02:35:51 davo (@david:vovo.id.au): What if you just did SRP instead of reinventing the wheel?
06:55:50 Mathijs (@mathijs:matrix.vgorcum.com): maybe we could just do whatever bitwarden does
07:06:58 davo (@david:vovo.id.au): well, this is what bitwarden does at a high level: https://help.bitwarden.com/article/password-salt-hash/
07:08:21 davo (@david:vovo.id.au): Protonmail do SRP though, as an example
07:40:08 davo (@david:vovo.id.au): Why does /event/{eventId} return a 1-array pdus? https://matrix.org/docs/spec/server_server/r0.1.3#get-matrix-federation-v1-event-eventid
08:02:30 Mathijs (@mathijs:matrix.vgorcum.com)
  [in reply to @david:vovo.id.au: "well, this is what bitwarden does at a high level: https://help.bitwarden.com/article/password-salt-hash/"]
  yeah, I read through it, but found the help articles to be generally too superficial
08:02:44 Mathijs (@mathijs:matrix.vgorcum.com): though that makes sense, I'm not the target audience
09:49:47 uhoreg (@hubert:uhoreg.ca)
  [in reply to @david:vovo.id.au: "What if you just did SRP instead of reinventing the wheel?"]
  I've looked a bit at some PAKEs before. There's some criticism of SRP at https://blog.cryptographyengineering.com/2018/10/19/lets-talk-about-pake/ but some other PAKEs might be interesting to look at. There's also SCRAM, which was created by some XMPP people. It's certainly worth considering prior art.
09:55:08 uhoreg (@hubert:uhoreg.ca): One criterion that I have is that it should be reasonably easy for people to implement, which means, for example, not being too complicated, and reusing as much of what we're already using, so that people don't have to implement too many different cryptographic operations.
09:57:42 uhoreg (@hubert:uhoreg.ca)
  [in reply to @david:vovo.id.au: "Why does /event/{eventId} return a 1-array pdus? https://matrix.org/docs/spec/server_server/r0.1.3#get-matrix-federation-v1-event-eventid"]
  I don't know for sure, but I would guess that it's for symmetry with https://matrix.org/docs/spec/server_server/r0.1.3#put-matrix-federation-v1-send-txnid
