optional string legacy_canonicalized_title = 3 Contains legacy title which is truncated and may contain escaped symbols. In components/sync/protocol/sync.proto, each SyncEntity contains EntitySpecifics which is the actual data of each data type. Then the stretched key is used directly as a AES128-CTR-HMAC encryption key.Future clients will receive the salt from the server so that they can derive the same key. ![]() The first client generates a random salt and sends it to the server. BIP39 phrase is key-stretched using scrypt(N = 2^13, r = 8, p = 11).The rest of the encryption is handled by Chromium as follows: Instead of letting the user pick a passphrase, which may be weak, we force the passphrase to be the BIP39 encoding of the sync seed. We use the built-in custom passphrase feature from Chromium sync and encrypt everything client-side. Timestamps over 1 day old are considered expired. And every server response contains Sane-Time-Millis header which will update the network time. ![]() Timestamp is fetched from network time if network time is not available at the moment, client uses local time. HKDF-SHA512 is used to derive the Ed25519 signing keypair used for authentication to the sync server.Ĭlient will compose a sync server access token following the format base64(timestamp_hex|signed_timestamp_hex|public_key_hex). If another client wants to join the sync chain, they can enter the BIP39 key phrase from the initial client by entering the words manually or scanning a QR code.
0 Comments
Leave a Reply. |