nodemailer/wildduck
1
1
Fork 0
mirror of https://github.com/nodemailer/wildduck.git synced 2024-12-27 02:10:52 +08:00
Code Issues Projects Releases Packages Wiki Activity

Updated Security implementation (markdown)

Andris Reinman 2017-08-07 17:05:25 +03:00
parent 71cde13c7d
commit 6f719c71cc
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Security-implementation.md

@ -10,7 +10,7 @@ If 2FA is enabled then account password can only be used for the "master" scope
## Application Specific Passwords
Application Specific Passwords are 16 byte strings, consisting of lowercase random latin characters. ASPs are stored as separate *asp* entries in the users database.
Application Specific Passwords are 16 byte strings, consisting of lowercase random latin characters. ASPs can include additional whitespace symbols as all whitespace symbols are removed from the password before doing any validations with it (this behavior does not extend to the account password where whitespace symbols matter). ASPs are stored as separate *asp* entries in the users database.
ASPs are hashed with bcrypt, using 12 rounds. Additionally the 4 first symbols of the ASP are hashed with md5. This is needed to detect potential ASPs when authenticating (user password is compared against only these ASPs that have a matching md5 hash of the 4 first characters).