A brief overview of the used cryptography

General

All cryptography is based on https://nacl.cr.yp.to

For our client we are using ecma-nacl a JavaScript implementation of NaCl.

Our server uses PyNaCl

As our “authkey derivation function” users scrypt we also have a scrypt library in our server scrypt and client (already part of ecma-nacl).

The authkey is generated by the following algorithm:

var generate_authkey = function (username, password) {

    var salt = sha512(username.toLowerCase());

    var u = 14; // 2^14 = 16MB
    var r = 8;
    var p = 1;
    var l = 64; // 64 Bytes = 512 Bits

    var authkey = to_hex(scrypt(encode_utf8(password), salt, u, r, p, l));

    return authkey;
};
Edit me
Tags: development