-
Notifications
You must be signed in to change notification settings - Fork 78
Email Password Hash User Authentication
Wesley Miaw edited this page Jul 15, 2016
·
2 revisions
This user authentication scheme makes use of an email and password but avoids sending the password over the wire as an extra security precaution. Instead, a nonce is hashed with the password using SHA-256 and the resulting hash value is sent. The recipient can verify the value if it also knows the password.
This scheme is identified by the string EMAIL_PASSWORDHASH
.
authdata = {
"#mandatory" : [ "email", "nonce", "hash" ],
"email" : "string",
"nonce" : "binary",
"hash" : "binary",
}
Field | Description |
---|---|
user email address | |
hash | hash of nonce and user password |
nonce | random value |
The nonce should be a randomly generated value of sufficient length. Using a value at least as long as the hash algorithm block size is recommended.
The hash of the nonce concatenated with the user password.
A Netflix Original Production
Tech Blog | Twitter @NetflixOSS | Jobs
- Introduction
- Encoding & Normalization
- Cryptography
- Versioning
- MSL Networks
- Entity Authentication
- User Authentication
- Key Exchange
- Service Tokens
- Messages
- Error Messages
- Application Security Requirements
- Protocol Implementation
- Configuration Guide