selfhosted
/
padloc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

typsos in security doc (mostly possessive nouns)

This commit is contained in:
Timothy John Perisho Eccleston 2020-04-21 06:07:50 -05:00 committed by Martin Kleinschrodt
parent 1622784f11
commit 9927972bdf
1 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
security.md
View File

@ -216,7 +216,7 @@ The **Account** object represents an individual Padloc user and is central to
Padlocs encryption and authentication mechanisms. Each **Account** holds the
following information:
- The users **email address** is not only used as a communication channel but,
- The user's **email address** is not only used as a communication channel but,
more importantly, serves as a unique, human-verifiable identifier for each
Padloc user.
- A RSA **private key** and **public key** pair is used in places where a user
@ -328,7 +328,7 @@ Every time a **Vault** participant encrypts the vault data, they perform
the following steps:
1. Determine accessors based on organization structure.
2. Verify each accessors identity and public key (see [Verifying
2. Verify each accessor's identity and public key (see [Verifying
Members](#verifying-members))
3. Encrypt the data using the steps outlined in [Shared-Key Encryption](#shared-key-encryption)
@ -352,7 +352,7 @@ information:
invite verification code during [key
exchange](#trustless-server-mediated-key-exchange)
The organizations **private key** and **invites key** are considered secret
The organization's **private key** and **invites key** are considered secret
and need therefore be encrypted at rest. For this, the organization acts as a
[Shared Crypto Container](#shared-key-encryption) with the [organization
owners](#owner) acting as accessors.
@ -444,13 +444,13 @@ new member. The key exchange is performed as follows:
##### Notes:
- In practice, the members account id and email and the organization id are
- In practice, the member's account id and email and the organization id are
included in the respective signatures to protect these from tempering as
well.
- Since `p` needs to be sufficiently short to be conveniently entered by
hand, it can potentially be guessed by eavesdroppers which would allow them
to successfully perform a man-in-the-middle attach by injecting their own
to successfully perform a man-in-the-middle attack by injecting their own
public key. This is mitigated by using a sufficiently large iteration count `i`
and invalidating key exchanges after a certain amount of time.
@ -507,7 +507,7 @@ can verify the public key of any other member as follows.
1. Verify the organizations public key using the organization signature created
with their own HMAC key
2. Verify the other members public key using the organizations public key.
2. Verify the other member's public key using the organization's public key.
```
┏━━━━━━━━━━━━━━┓ ┏━━━━━━━━━━━━━━┓ ┏━━━━━━━━━━━━━━┓
@ -581,15 +581,15 @@ access to user data, ensure payload integrity and enforce user permissions.
A variation of the [Secure Remote
Password](https://tools.ietf.org/html/rfc2945) protocol is used to authenticate
users and establish a secure connection between client and server without
exposing the users master password.
exposing the user's master password.
### User Signup
Whenever a user creates a Padloc account, the following steps take place:
1. Let **`u`** and **`p`** be the users **email address** and **master password**, respectively.
1. Let **`u`** and **`p`** be the user's **email address** and **master password**, respectively.
2. The **client `C`** sends **`u`** to the server **`S`**.
3. The server sends an email **verification code `c`** to the users email address.
3. The server sends an email **verification code `c`** to the user's email address.
4. **`C`** chooses a **random salt `s`** and **iteration count `i`**
5. **`C`** generates **`x = PBKDF2(p, s, i)`** and the **password verifier `v = v(x)`**\*
6. **`C`** sends **`u`**, **`v`**, **`s`**, **`i`** and **`c`** to **`S`**
@ -745,7 +745,7 @@ order to eavesdrop on the connection and/or temper with messages in transit.
MITM attacks may be launched in a multitude of ways, and even with technlogies
like TLS, it is very hard to completely rule out that other parties may be
listening in on the connection or even trying temper with the messages
listening in on the connection or even trying to tamper with the messages
exchanged. Therefore, steps should be taken not only to mitigate the risk of a
successful MITM attack, but also to ensure that even in case of an insecure
connection, an attacker may never get access to any sensitive information or
@ -754,8 +754,8 @@ compromise the security of the application in any other way.
- Communication between the Padloc client and server is always secured through
[Transport Layer Security](https://en.wikipedia.org/wiki/Transport_Layer_Security).
- No sensitive information is ever transmitted in plain text.
- Transmitted data is protected from tempering through Padlocs strong [Authentication Mechanism](#authentication-and-data-transfer).
- Padlocs [Key Exchange Mechanism](#trustless-server-mediated-key-exchange) is designed to be secure even over an untrusted connection.
- Transmitted data is protected from tampering through Padloc's strong [Authentication Mechanism](#authentication-and-data-transfer).
- Padloc's [Key Exchange Mechanism](#trustless-server-mediated-key-exchange) is designed to be secure even over an untrusted connection.
### Phishing
@ -796,7 +796,7 @@ a very minimum, too costly to be worthwhile.
[[TODO]]
### Password spraying
### Password Spraying
[[TODO]]