sync server: Don't hash client_id for salt (#3250)

We don't know why we're doing this step so we probably shouldn't. Cryptography isn't magic and extra steps are harmful in that they obscure the important parts.
2024-01-21 18:16:25 -05:00
parent fa21835001
commit 082b6084fa
10 changed files with 11 additions and 17 deletions
--- a/taskchampion/docs/src/http.md
+++ b/taskchampion/docs/src/http.md
@@ -6,7 +6,7 @@ The `origin` *should* be an HTTPS endpoint on general principle, but nothing in
 The replica identifies itself to the server using a `client_id` in the form of a UUID.
 This value is passed with every request in the `X-Client-Id` header, in its dashed-hex format.

-The salt used in key derivation is the SHA256 hash of the 16-byte form of the client ID.
+The salt used in key derivation is the 16-byte client ID.

 ## AddVersion