Autha, pronounced Otter 🦦, is the service that manages user accounts and the associated delegation. ☄️
Autha is an OAuth2 server written in Rust for very low resource usage, low latency and high request throughput.
It implements account creation, login and authorization delegation.
We want to give our users stronger security guarantees. To that end, everyone can see how we store data and help us improve the cryptographic systems.
Argon2, ChaCha20Poly1305, SHA-3 and FPE (with AES) are the hashing and cryptographic systems used.
- Short expiration time (< 15 min.)
- JWT with asymmetric key
- One-Time Usage OAuth token
Argon2id is a key derivation function that resists side-channel attacks and is more robust against GPU cracking attacks.
It lets us tune the amount of memory used, the degree of parallelism and the number of iterations.
ChaCha20 is a stream cipher built around a pseudorandom function.
Poly1305 is a MAC that lets us verify the integrity of the data as well as its authenticity.
ChaCha20Poly1305 is an AEAD algorithm standardized in RFC 8439. It provides both confidentiality and authenticity.
SHA-3 is a hash function and the latest member of the Secure Hash Algorithm family. It does not replace SHA-2, but unlike SHA-2 it resists length extension attacks.
Format-preserving encryption (FPE) is an encryption mode whose ciphertext keeps the format of the plaintext and which produces the same output for the same input.
The underlying block cipher is AES, which is also used by the US government.
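The token policy above (short expiration, one-time usage) can be illustrated with a small store. This is an added example, not Autha's own code; it assumes tokens are random strings kept at rest only as SHA3-256 digests, and the 15-minute bound from the list above.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

TOKEN_TTL_SECONDS = 15 * 60  # "< 15 min." bound from the token policy


@dataclass
class _Entry:
    subject: str       # the account the token was issued for
    expires_at: float  # absolute time from the injected clock


@dataclass
class OneTimeTokenStore:
    """Issues short-lived OAuth tokens that can be redeemed exactly once.

    Only the SHA3-256 digest of each token is stored (assumption for this
    example), so a leaked store does not yield usable tokens. The clock is
    injectable so expiry can be tested without sleeping.
    """
    clock: Callable[[], float] = time.time
    ttl: float = TOKEN_TTL_SECONDS
    _entries: Dict[str, _Entry] = field(default_factory=dict)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha3_256(token.encode("utf-8")).hexdigest()

    def issue(self, subject: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._entries[self._digest(token)] = _Entry(subject, self.clock() + self.ttl)
        return token  # the plaintext token is handed out once and never stored

    def redeem(self, token: str) -> Optional[str]:
        # pop() removes the entry on the first attempt, so a replayed token
        # fails even if the first redemption was rejected as expired.
        entry = self._entries.pop(self._digest(token), None)
        if entry is None or self.clock() > entry.expires_at:
            return None
        return entry.subject

    def purge_expired(self) -> int:
        now = self.clock()
        stale = [k for k, e in self._entries.items() if now > e.expires_at]
        for k in stale:
            del self._entries[k]
        return len(stale)
```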
We try to use high-performance databases to keep critical response times low.
- Apache Cassandra
- Memcached
We are also working on adding the option to use PostgreSQL instead of Apache Cassandra.
Apache Cassandra is a fast, fault-tolerant and highly scalable distributed database optimized for write-heavy workloads.
We use Cassandra to manage user accounts and security; every significant action taken by a user is logged.
Memcached is an extremely fast in-memory key-value store. We use it to cache public user data and serve it quickly, and to reduce the load of requests on Cassandra.