colaorange / daily-money-one-doc

daily money one, issues

Support password protection #8

Closed colaorange closed 2 months ago

colaorange commented 5 months ago

The main problem with the password feature is how to handle the scenario when a user forgets their password.

User Password Verification Flow

  1. User sets a password -> store digest1 = digest(password)
  2. In the protection screen, the user enters the password -> digest(password) == digest1 -> pass

Forgot Password Flow

  1. In the forget password screen -> show cipher = encrypt(digest2 = digest(digest1), publickey) on screen (for the user to copy)
  2. User mails the cipher to colaorange
  3. Colaorange decrypts(cipher, privatekey) -> digest2
  4. Colaorange sends digest2 to the user
  5. In the forget password screen, the user enters digest2 -> digest2 == digest(digest1) -> pass
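
The two flows above as a runnable Node.js sketch; this is an added example, not part of the original comment or the app's code. SHA-256, RSA-OAEP, the 2048-bit key size and every function name here are assumptions, since the post names only digest() and encrypt().

```javascript
const nodeCrypto = require('node:crypto');

// digest() from the post; SHA-256 is an assumed choice.
const digest = (s) => nodeCrypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Constant-time comparison of two hex digests; malformed input just fails.
function sameDigest(a, b) {
  const x = Buffer.from(a, 'hex');
  const y = Buffer.from(b, 'hex');
  return x.length === y.length && nodeCrypto.timingSafeEqual(x, y);
}

// Developer side: generated once; only publicKey ships inside the app.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Password verification flow: store digest1, compare on the protection screen.
function setPassword(store, password) { store.digest1 = digest(password); }
function unlock(store, password) { return sameDigest(digest(password), store.digest1); }

// Forgot flow step 1: cipher shown on screen for the user to copy and mail.
function recoveryRequest(store) {
  const digest2 = digest(store.digest1);
  return nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(digest2, 'hex')).toString('base64');
}

// Steps 3-4, developer side: decrypt the mailed cipher and send digest2 back.
function developerReply(cipherB64) {
  return nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(cipherB64, 'base64')).toString('hex');
}

// Step 5: the user types digest2 into the forgot-password screen.
function recoveryUnlock(store, code) { return sameDigest(code.trim(), digest(store.digest1)); }

// Constructed walk-through of both flows.
function demo() {
  const store = {};
  setPassword(store, 'constructed-sample-password');
  const code = developerReply(recoveryRequest(store));
  return {
    rightPassword: unlock(store, 'constructed-sample-password'),
    wrongPassword: unlock(store, 'something-else'),
    recovered: recoveryUnlock(store, code),
  };
}
console.log(demo());
```

Because digest2 depends only on digest1, the code the developer sends back stays valid until the password is changed, even though each OAEP ciphertext shown on screen is different.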

dennischen commented 2 months ago

Screenshot_1721698853