I have some questions about how RFC 0000 affects account logins. As I understand it, when an account is created, the client makes a PUT request for StructuredData and stores the account information. This account information is encrypted with the user’s password and stored in the data slot of Hash(Hash(keyword + pin) + 0). And then this data is stored on the network where anyone with the pin + keyword + tag_type can get it.
Questions:
- What happens when an account already exists?
- What happens when a user tries to perform a brute-force attack on the network? Before, I believe that the network just returned a blob of random data that is indistinguishable from actual encrypted information. Does the network still do this?
- RFC 0001 adds a public key to all StructuredData. Does this mean that an attacker can see if the blob of data returned is a valid account or not?
Answers (to be added):
I would also like to point out an interesting thing you can do with RFC 0001. If you create an account and save the private key used to create the account, then you can use this key on another computer to create a delayed automatic account delete. For example, if I wanted my account to be deleted after X amount of days, I could use a third party such as a server, a friend’s computer, or even a Raspberry Pi somewhere to automatically delete the account without giving up the password used to encrypt the account data.