Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

encode pass entries #125

Open
Eoksni opened this issue Nov 25, 2019 · 0 comments
Open

encode pass entries #125

Eoksni opened this issue Nov 25, 2019 · 0 comments
Labels
enhancement

Comments

@Eoksni
Copy link
Member

Eoksni commented Nov 25, 2019
edited
Loading

For logged in user:

  • User enters password (it is never sent to the server).
  • Browser generates key based on that password.
  • Browser encodes pass entries using that key before sending them to the server
  • It also decodes pass entries received from the server using same key
  • The key can be stored in the local storage
  • The login password should be encoded as well, but is it safe to encode original password with that key? Alternative is to split original password into two parts, first part is used to generate key and second part is encoded using that key and then used as login password

For guests:

  • Hm, nothing is changed here

For signup:

  • Login password should be generated as above
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Eoksni