Differences From:
File
www/sync.html
part of check-in
[4038525bc5]
- Slight editorial changes to sync documentation, fixing spelling errors.
by
aku on
2007-09-10 02:21:46.
To:
File
www/sync.html
part of check-in
[776753118f]
- The nonce of a login card in the sync protocol is now the SHA1 hash
of the remainder of the sync message. The signature is the SHA1 hash
of the concatenation of the nonce and the user's password.
by
drh on
2007-09-12 02:25:37.
@@ -121,14 +121,17 @@
<b>login</b> <i>userid nonce signature</i>
</blockquote>
<p>The userid is the name of the user that is requesting service
-from the server. The nonce is a random one-use hexadecimal number.
-The signature is the SHA1 hash of the users password.</p>
+from the server. The nonce is the SHA1 hash of the remainder of
+the message - all text that follows the newline character that
+terminates the login card. The signature is the SHA1 hash of
+the concatenation of the nonce and the users password.</p>
<p>For each login card, the server looks up the user and verifies
-that the nonce has never before been used. It then checks the
-signature hash to make sure the signature matches. If everything
+that the nonce matches the SHA1 hash of the remainder of the
+message. It then checks the signature hash to make sure the
+signature matches. If everything
checks out, then the client is granted all privileges of the
specified user.</p>
<p>Privileges are cumulative. There can be multiple successful
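Review bot: the rewritten server paragraph drops the "verifies that the nonce has never before been used" step without documenting a replacement. Because the nonce is now derived from the message body, a message that is resent unchanged carries a nonce and signature that still verify. The text should state whether accepting an identical message twice is considered harmless or what else rejects it. In the first changed paragraph, "the concatenation of the nonce and the users password" leaves the order, any separator, and whether the nonce is hashed as hexadecimal text or as raw bytes unspecified; spell these out so that independent client and server implementations compute the same signature, and write "user's". If a message can carry more than one login card, as the trailing context line suggests, also say explicitly that "all text that follows the newline character that terminates the login card" includes any later login cards.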