From 1b9b5b519146b82ffd49a0425ac1103c1e28548c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodolphe=20Br=C3=A9ard?= Date: Tue, 1 Aug 2023 20:11:13 +0200 Subject: [PATCH] Update the README --- README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 135c155..b1351f1 100644 --- a/README.md +++ b/README.md @@ -92,7 +92,7 @@ The code generation protocol is based on the HMAC-SHA-256 function. The hasher i This hash is then reduced to 5 bytes using the following dynamic offset truncation method. From the last byte of the hash, we take the last 4 bits, which gives an offset between 0 and 15. We then take the 5 bytes of the hash located at this offset. -The code is then generated by encoding those 5 bytes using base32 without padding. +The code is then generated by encoding those 5 bytes using base32 ([RFC 4648](https://datatracker.ietf.org/doc/html/rfc4648)) without padding. ## Frequently Asked Questions @@ -111,8 +111,6 @@ The local part can either be a real mailbox or an alias. It is up to you to deci No, this project is based on the filter API used by OpenSMTPD. -However, if someone implemented it in the exact same way for any other MTA, the progressive web app should work. - ### Does it supports IDN? Yes, internationalized domain names (IDN) are supported. You can specify domain names either using valid UTF-8 or Punycode ([RFC 3492](https://datatracker.ietf.org/doc/html/rfc3492)). 
@@ -127,7 +125,7 @@ That said, you can add a new local part that uses a new key and stop using the p No, it is not. -Efforts have been made so it is almost impossible to use one or several known valid addresses to create new addresses or recover the key. However, it may not be considered cryptographically secure. +Efforts have been made so it is almost impossible to use one or several known valid addresses to create new addresses or recover the key. However, it may not be considered cryptographically secure because of code's short length (5 bytes). ### Can you detail the efforts made to get a mostly secure code?
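Review bot: In the hunk at README.md line 92, the added "base32 ([RFC 4648](...))" reference does not say which of the RFC's two alphabets is meant. RFC 4648 defines both "base32" (section 6) and "base32hex" (section 7), and an independent implementation has to pick the same one to produce matching codes. Suggest naming the section or the alphabet explicitly, and stating the letter case the code is emitted in and whether comparison is case-insensitive, since the code ends up in an e-mail address. Note also that 5 bytes is exactly 40 bits, so the encoded code is always 8 characters and padding would never be produced. "without padding" is harmless, but saying "8 characters" would be more useful to an implementer.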
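Review bot: In the hunk at README.md line 111, the sentence "However, if someone implemented it in the exact same way for any other MTA, the progressive web app should work." is dropped with no reason given. The commit message is only "Update the README", so a reader cannot tell whether the claim became false or was just considered noise. Please add a line to the commit body explaining the removal. If the progressive web app still only depends on the code generation protocol described earlier in the README, consider keeping a shorter form of the sentence so the FAQ answer does not read as a flat "No". While this region is open, the heading in the trailing context, "### Does it supports IDN?", should read "### Does it support IDN?".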
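Review bot: In the hunk at README.md line 127, the added clause "because of code's short length (5 bytes)" is missing an article and should read "because of the code's short length (5 bytes)". It would also help to spell out what the length implies: the code is an HMAC-SHA-256 output truncated to 40 bits, so forgery resistance is bounded by those 40 bits regardless of the key's strength. The sentence before it talks about creating new addresses and recovering the key, so saying that the limit is on guessing a valid code, not on key recovery, would keep the two statements from reading as contradictory. Suggested wording: "because of the code's short length (5 bytes, i.e. 40 bits)".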