Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • rdsys rdsys
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 47
    • Issues 47
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 1
    • Merge requests 1
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Packages & Registries
    • Packages & Registries
    • Package Registry
    • Infrastructure Registry
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Anti-censorship
  • rdsysrdsys
  • Issues
  • #15

Closed
Open
Created Oct 20, 2020 by Philipp Winter@phwReporter

Devise a user ID for Salmon

Salmon needs a way to identify users. Instead of an email/password system, I prefer a design that consists of a password only. The benefit is less complexity and more privacy because the user doesn't expose her email address. The downside is that if you lose your password, your account is gone for good because there's no email address for password resets.

Here are the criteria for the password:

  • It must not be guessable, i.e. incorporate 120 bits of random bits from a CSPRNG.
  • The encoding should be human readable. We're working on a design that doesn't expose the password to the user (see #7) but it's still useful for users to be able to recognise or copy and paste her password.
Assignee
Assign to
Time tracking