Network Key Generation
This document describes the network key generation process used in Excalibur, which is based on 1Password's key generation process as described in their security whitepaper.
The key generation process can be concisely summarized in the following flowchart.
Let's examine each step in detail.
-
Password Normalization
- Trim leading/trailing whitespace from the password
- Apply Unicode NFKD normalization to handle different character encodings
- Convert the normalized password to a UTF-8 byte array
-
Slow Hash (PBKDF2)
- Algorithm: PBKDF2 with HMAC-SHA256
- Iterations: 650,000
- Input: Normalized password + Salt
- Output: 32-byte derived key
-
Fast Hash (HKDF)
- Algorithm: HKDF with SHA-256
- Input: Username (as additional info) + Salt
- Output: 32-byte derived key
-
Key Combination
- The final master key is generated by XORing the outputs of the PBKDF2 and HKDF operations
This key generation step is used to generate a key for unlocking the vault1, called the Account Unlock Key (AUK), using a salt called auk_salt.
If a user uses SRP authentication, the same key generation step is used to generate a key for SRP authentication, called the SRP Key, using a salt called srp_salt.
The reason for why we need a second key is that we don't want a leak of the communication key (i.e., the SRP key) to compromise the vault, and vice versa. Thus the two salts, auk_salt and srp_salt, are distinct.