GothenburgBitFactory/taskwarrior
1
0
Fork 0
mirror of https://github.com/GothenburgBitFactory/taskwarrior.git synced 2025-06-26 10:54:26 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

sync server: Don't hash client_id for salt (#3250)

Browse source 
We don't know why we're doing this step so we probably shouldn't.
Cryptography isn't magic and extra steps are harmful in that they
obscure the important parts.
This commit is contained in:
ryneeverett 2024-01-21 18:16:25 -05:00 committed by GitHub
parent fa21835001
commit 082b6084fa
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
10 changed files with 11 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

2
taskchampion/docs/src/http.md
View file

@ -6,7 +6,7 @@ The `origin` *should* be an HTTPS endpoint on general principle, but nothing in
The replica identifies itself to the server using a `client_id` in the form of a UUID.
This value is passed with every request in the `X-Client-Id` header, in its dashed-hex format.
The salt used in key derivation is the SHA256 hash of the 16-byte form of the client ID.
The salt used in key derivation is the 16-byte client ID.
## AddVersion