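// Key material derived when a Cozy user onboards the Bitwarden client.
//
// Reading the graph top to bottom: the client derives a master key from the
// master password (salted with the email), uses it to encrypt a freshly
// generated symmetric key, and derives a separate "hashed password" from the
// master key. Cozy-stack receives only two values: the protected (encrypted)
// key and the hashed password, which it hashes again with scrypt before
// storing it. As drawn, the master password, the master key and the plaintext
// symmetric key never leave the client.
//
// Fix: the kdfTwo record listed "Iterations: 1" twice; the duplicate field is
// removed so the record has the same shape as kdfOne (Algo | Iterations |
// Payload | Salt).
digraph bitwarden {
    graph [splines=true];
    node [shape="box", fontname="lato", fontsize=11, margin=0.12, color="#297EF2", fontcolor="#32363F"];
    edge [color="#32363F"];
    ranksep=0.45; nodesep=0.6;

    // Inputs: what the user types, and what a random source produces.
    // Both the IV and the symmetric key come from "Random" — they must come
    // from a cryptographically secure generator, not from user-derived data.
    subgraph source {
        rank=same; margin=24;

        user [label="User", color="#7F6BEE", shape="oval"];
        random [label="Random", color="#7F6BEE", shape="oval"];
    }

    subgraph cluster_client {
        label="Client bitwarden"; labeljust="l"; fontname="lato"; fontsize=12; margin=24;

        // 512-bit symmetric key, split into an encryption key and a MAC key.
        // Only the encryption step is drawn here; the MAC key is part of the
        // payload that gets protected, not used by this diagram.
        symKey [label="{symmetric key| enc key (256 bits) | mac key (256 bits)}", shape="record"];
        // 128-bit IV, i.e. one AES block. The IV only feeds makeKey in this
        // graph; NOTE(review): it must nevertheless be stored alongside the
        // protected key (presumably embedded in the protected-key blob) or the
        // symmetric key cannot be decrypted later — confirm against the
        // client's serialisation of the protected key.
        iv [label="iv (128 bits)"];
        // AES encryption of the symmetric key under the master key. The mode
        // is not shown; confirm it against the implementation before relying
        // on this diagram for an integrity argument.
        makeKey [label="{Encrypt| Algo: AES |<key> Key: master key |<payload> Payload: symmetric key |<iv> IV: iv}", shape="record", color="#40DE8E", fillcolor="#F2FAF5", style="filled"];
        // Ciphertext of the symmetric key; this is the "key" the server stores.
        protectedKey [label="protected key\n(key)"];

        masterPassword [label="master password"];
        // The email is the PBKDF2 salt. NOTE(review): presumably normalised
        // (lower-cased / trimmed) before use — a differently normalised email
        // derives a different master key, so verify the client does this
        // consistently.
        email [label="email\n(me@<domain>)"];
        // Slow, memory-cheap KDF: the master password is the only low-entropy
        // input in the whole graph, so this is the step that resists brute
        // force. 100_000 is the iteration count drawn here; the effective
        // count is whatever the client and cozy-stack agree on — verify.
        kdfOne [label="{Hash| Algo: PBKDF2 - SHA256 | Iterations: 100_000 |<payload> Payload: master password |<salt> Salt: email}", shape="record", color="#40DE8E", fillcolor="#F2FAF5", style="filled"];
        // 256-bit master key: encrypts the symmetric key and seeds kdfTwo.
        // Never sent to the server.
        masterKey [label="master key\n(internal key)"];
        // Deliberately cheap second derivation (1 iteration): its input is
        // already a 256-bit key from kdfOne, and PBKDF2 is one-way, so the
        // resulting hash can be handed to the server without revealing the
        // master key.
        kdfTwo [label="{Hash| Algo: PBKDF2 - SHA256 | Iterations: 1 |<payload> Payload: master key |<salt> Salt: master password}", shape="record", color="#40DE8E", fillcolor="#F2FAF5", style="filled"];
        // Authentication value sent to cozy-stack in place of the password.
        hashedPasswordC [label="hashed password\n(derivated passphrase)"];
    }

    subgraph cluster_server {
        label="Cozy-stack"; labeljust="l"; fontname="lato"; fontsize=12; margin=24;

        // Stored as received: the server cannot decrypt it without the
        // master key, which it never sees.
        keyS [label="key"];
        hashedPasswordS [label="hashed password"];
        // The client-side hash is treated as a password and hashed again with
        // scrypt, so the stored value cannot be replayed as the login
        // credential if the database leaks.
        scrypt [label="{Hash| Algo: Scrypt}", shape="record", color="#40DE8E", fillcolor="#F2FAF5", style="filled"];
        hashPass [label="passphrase hash"];
        db [label="Database", shape="cylinder", color="#7F6BEE", margin=0.2];
    }

    // Randomness and user inputs.
    random -> iv;
    random -> symKey;
    user -> masterPassword;
    user -> email;

    // Protecting the symmetric key.
    masterKey -> makeKey:key;
    symKey -> makeKey:payload;
    iv -> makeKey:iv;
    makeKey -> protectedKey;

    // Master key derivation.
    masterPassword -> kdfOne:payload;
    email -> kdfOne:salt;
    kdfOne -> masterKey;

    // Authentication hash derivation.
    masterKey -> kdfTwo:payload;
    masterPassword -> kdfTwo:salt;
    kdfTwo -> hashedPasswordC;

    // Only these two values cross the client/server boundary.
    hashedPasswordC -> hashedPasswordS -> scrypt -> hashPass -> db;
    protectedKey -> keyS -> db;
}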