This prototype implementation generates full-entropy bit-strings and posts them in blocks of 512 bits every 60 seconds. Each such value is sequence-numbered, time-stamped and signed, and includes the hash of the previous value to chain the sequence of values together and prevent even the source to retroactively change an output package without being detected.
A selection of currently implemented calls are listed below. Users submitting a request need to provide the pulse generation time in POSIX format (number of milliseconds since midnight UTC, January 1, 1970 (see http://en.wikipedia.org/wiki/Unix_time for more information and http://www.epochconverter.com for an online time converter.)
The reference document for version 2.0 of the beacon may be found at: https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR.8213-draft.pdf.
@SlexAxton @rem definitely use pbkdf2. See for details and to s/bcrypt/pbkdf2. Sha-ing won’t do.
security cheat sheets for developers #owasp
Fast symmetric cryptography in Javascript