@anthony-dandrea
Last active August 29, 2015 14:26
scrty encryption flow idea

The user bigpapa logs in, then wants to store a new password.

So they give the backend (BE):

| App/Site Name | Passwd |
| --- | --- |
| Reddit.com | foobz |

The backend encrypts the password and stores this app/site name under their username, alongside previously stored sites/apps, in a DB like so:

| Username | App/Site Name |
| --- | --- |
| bigpapa | Reddit.com |
| bigpapa | twitter.com |

The frontend gets this back to store in localStorage:

| App/Site Name | Encrypted Passwd |
| --- | --- |
| Reddit.com | afshjfb378rfsduaf |

Now say bigpapa logs in a day later and wants to get into Reddit. After authenticating with LKey, he sends the BE:

| App/Site Name | Encrypted Passwd |
| --- | --- |
| Reddit.com | afshjfb378rfsduaf |

And the BE spits back:

| App/Site Name | Passwd |
| --- | --- |
| Reddit.com | foobz |

Sending passwords over the net could maybe be bad(?), but people do it. If we were serious, we'd have to use HTTPS/SSL.
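
The store-and-retrieve flow above as a backend sketch, added here as an example and not the gist author's code; it binds the username and site name to the blob so a blob copied from one user's localStorage does not decrypt under another account or site. Assumptions: Node.js, AES-256-GCM as the cipher, one backend-held key, and the hypothetical names `SERVER_KEY`, `encryptForClient` and `decryptForClient`.

```javascript
// Added example: backend half of the flow (hypothetical names throughout).
const nodeCrypto = require('node:crypto');

// Assumption: a single key that never leaves the backend.
// Constructed at random here; a real service would load it from a secret store.
const SERVER_KEY = nodeCrypto.randomBytes(32);

// Associated data: authenticated but not encrypted. Ties a blob to one
// (username, site) pair so it is useless under any other pair.
function aad(username, site) {
  return Buffer.from(JSON.stringify([username, site]), 'utf8');
}

// "Store" step: returns the opaque blob the frontend keeps in localStorage.
// Layout: 12-byte IV | 16-byte GCM tag | ciphertext, base64-encoded.
function encryptForClient(username, site, password) {
  const iv = nodeCrypto.randomBytes(12); // fresh IV for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', SERVER_KEY, iv);
  cipher.setAAD(aad(username, site));
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// "Retrieve" step: sessionUser must come from the authenticated session,
// not from the request body. Returns null for any blob that fails to verify.
function decryptForClient(sessionUser, site, blob) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 28) return null; // too short to hold IV + tag
  const iv = raw.subarray(0, 12);
  const tag = raw.subarray(12, 28);
  const ct = raw.subarray(28);
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', SERVER_KEY, iv);
    decipher.setAAD(aad(sessionUser, site));
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch {
    return null; // wrong user, wrong site, or tampered blob
  }
}
```
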
