commit 71f5ea8885f845b5bb99263345c65e409e60f2e2
parent 2c117e973f53efd01e40a29d5ffad9bc499e7c6a
Author: Jackson G. Kaindume <kaindume@kwatafana.org>
Date: Thu, 1 Sep 2022 14:27:02 +0200
[spec] use mdbook
Diffstat:
12 files changed, 107 insertions(+), 114 deletions(-)
diff --git a/README.md b/README.md
@@ -12,17 +12,11 @@ ___
░█░░░░█░░█▀▄░░█░░█░█░█▀▀░█▀█░█░█░█▀▄░█▀█
░▀▀▀░░▀░░▀░▀░░▀░░▀▀▀░▀░░░▀░▀░▀▀▀░▀░▀░▀░▀
```
-
-Depends on:
-
-- [scrypt](https://github.com/RustCrypto/password-hashes/tree/master/scrypt): Used for password hashing.
-- [ed25519 from the ring crate](https://github.com/briansmith/ring): Digital Signatures
-- [XChaCha20-Poly1305](https://github.com/RustCrypto/AEADs/tree/master/chacha20poly1305): Symmetric Encryption
-
## Features
-- Accounts
+- Account Management
- Input validation
+- Database
## Unlicense
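Review bot: deleting the `Depends on:` list (scrypt for password hashing, ed25519 from ring for signatures, XChaCha20-Poly1305 for symmetric encryption) removes the only place the README documents which cryptographic primitives the framework relies on, and no file added in this commit carries that information over. Suggest moving the three bullets into spec/src/cyrtophora.md (or a dependencies page linked from SUMMARY.md) instead of dropping them, since anyone auditing the password-hashing and signature choices needs to know which crates provide them. The new `- Database` feature bullet is fine, but it now has no pointer to the spec page that describes it.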
diff --git a/spec/.gitignore b/spec/.gitignore
@@ -0,0 +1 @@
+book
diff --git a/spec/book.toml b/spec/book.toml
@@ -0,0 +1,6 @@
+[book]
+authors = ["Jackson G. Kaindume"]
+language = "en"
+multilingual = false
+src = "src"
+title = "cyrtophora"
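Review bot: `title = "cyrtophora"` is lowercase while every page heading added in this commit uses "Cyrtophora"; capitalize the book title for consistency with the rendered headings.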
diff --git a/spec/database.md b/spec/database.md
@@ -1,12 +0,0 @@
----
-title: Database
-subtitle:
-author: Jackson G. Kaindume
-date: 2022-08-31
-...
----
-
-Cyrtophora stores structured data in a database. The following data is
-is stored:
-
-1. Accounts
diff --git a/spec/password-hashing.md b/spec/password-hashing.md
@@ -1,77 +0,0 @@
----
-title: Password Hashing
-subtitle: 🔐
-author: Jackson G. Kaindume
-date: 2022-08-14
-...
----
-
-## Why hash?
-
-It is only a matter of time until your server gets hacked, and
-when that happens you don't want the users passwords to be leaked --
-this will allow the attacker to gain access to the users resources.
-Some users also use the same password across many services, your
-web-server can be the root cause of a chain of breaches.
-
-A cool way to prevent this type of leak is by __obfuscating__ the
-users password with a [__hash function__](https://en.wikipedia.org/wiki/Hash_function).
-
-There are lots of hash functions that can be used, but most of these
-will be a bad idea to use. For example if you use SHA-256 or other
-computationally cheap functions (hash function without a __work factor__
-parameter), they are vulnerable to rainbow table attacks.
-Bruteforce is also possible if the password length is short/known,
-asic miners can generate 100 TeraHashes PER Second.
-
-The server can increase the passwords entropy by concatenating it with
-a random string aka the __salt__. Users can also protect themselves
-by using longer passwords.
-
-The best method to use against plaintext password leaks and rainbow
-table attacks is to use a __Password Hash Function__. Which is a hash
-function specially designed to be slow/expensive to compute even on
-specialized hardware.
-
-## Scrypt [recommended]
-
-The [scrypt](https://www.tarsnap.com/scrypt.html) hash function uses large amounts of memory when hashing
-making it expensive to scale to the point of reasonable bruteforce
-attacks. Secure against hardware brute-force attacks.
-
-A number of cryptocurrencies use __scrypt__ for proof of work.
-
-Created by Colin Percival of [Tarsnap](https://en.wikipedia.org/wiki/Tarsnap)
-
-## Argon2d [recommended]
-
-The [Argon2d](https://en.wikipedia.org/wiki/Argon2) function is
-designed to resist GPU cracking attacks. Secure against hardware
-brute-force attacks.
-
-It is the winner of [Password Hashing Competition](https://www.password-hashing.net/).
-
-## Bcrypt
-
-[Bcrypt](https://en.wikipedia.org/wiki/Bcrypt) is based on the
-[blowfish](https://en.wikipedia.org/wiki/Blowfish_(cipher)) cipher.
-
-Vulnerable against hardware brute-force attacks.
-
-## PBKDF2
-
-[PBKDF2](https://en.wikipedia.org/wiki/PBKDF2) is an key derivation
-function with a sliding computational cost to reduce bruteforce
-search.
-
-Vulnerable against hardware brute-force attacks.
-
-## Conclusion
-
-A cool way to prevent password leaks is by __obfuscating__ them
-with a password hash functions which offer additional security
-against bruteforce from specialliazed hardware such as asics. If
-password hash functions are used and implemented correctly even the
-administrators of the server will not be able to read the users
-passwords especially if the server is open source and the users can
-audit the code for themselves.
diff --git a/spec/sqlite-support.md b/spec/sqlite-support.md
@@ -1,17 +0,0 @@
----
-title: Sqlite Support
-subtitle:
-author: Jackson G. Kaindume
-date: 2022-08-31
-...
----
-
-Sqlite is supported in cyrtophora as an optional feature:
-
-```toml
-cyrtophora = { path = "../../cyrtophora/phora", features = ["sqlite"] }
-```
-When the sqlite feature is enabled user account data will be saved in
-a sqlite database.
-
-
diff --git a/spec/src/SUMMARY.md b/spec/src/SUMMARY.md
@@ -0,0 +1,7 @@
+# Summary
+
+- [Cyrtophora](./cyrtophora.md)
+- [Accounts](./accounts.md)
+- [Database](./database.md)
+ - [SQLite Support](./sqlite-support.md)
+ - [Password-hashing](./password-hashing.md)
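Review bot: the two nested entries are indented by a single space (`+ - [SQLite Support](./sqlite-support.md)`), and in CommonMark a list marker preceded by fewer spaces than the parent item's content column is a sibling, not a child, so mdBook will render all five entries flat; indent the sub-items by two (or four) spaces. Separately, nesting "Password-hashing" under "Database" is a questionable placement since the page is about credential storage policy rather than the database backend, and the link text should match the page heading `# Password Hashing`.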
diff --git a/spec/accounts.md b/spec/src/accounts.md
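Review bot: spec/accounts.md is renamed with no content change, but every other spec page touched here had a pandoc-style front-matter block (`---` / `title:` / `author:` / `date:` / `...` / `---`) that this commit strips for mdBook. If accounts.md carries the same block, mdBook will render it as a horizontal rule followed by literal `title:` text; please check the file and remove the front matter in the same way as database.md and password-hashing.md.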
diff --git a/spec/src/cyrtophora.md b/spec/src/cyrtophora.md
@@ -0,0 +1,3 @@
+# Cyrtophora
+
+Full-stack users-first web framework.
diff --git a/spec/src/database.md b/spec/src/database.md
@@ -0,0 +1,6 @@
+# Database
+
+Cyrtophora stores structured data in a database. The following data is
+is stored:
+
+1. Accounts
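Review bot: the duplicated "is / is" across the line break (`+... The following data is` / `+is stored:`) is copied verbatim from the deleted spec/database.md; drop one of them. Since SUMMARY.md nests the SQLite page under this one, a sentence pointing to ./sqlite-support.md as the backend where the account data is stored would make the page more useful than a one-item list.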
diff --git a/spec/src/password-hashing.md b/spec/src/password-hashing.md
@@ -0,0 +1,71 @@
+# Password Hashing
+
+## Why hash?
+
+It is only a matter of time until your server gets hacked, and
+when that happens you don't want the users passwords to be leaked --
+this will allow the attacker to gain access to the users resources.
+Some users also use the same password across many services, your
+web-server can be the root cause of a chain of breaches.
+
+A cool way to prevent this type of leak is by __obfuscating__ the
+users password with a [__hash function__](https://en.wikipedia.org/wiki/Hash_function).
+
+There are lots of hash functions that can be used, but most of these
+will be a bad idea to use. For example if you use SHA-256 or other
+computationally cheap functions (hash function without a __work factor__
+parameter), they are vulnerable to rainbow table attacks.
+Bruteforce is also possible if the password length is short/known,
+asic miners can generate 100 TeraHashes PER Second.
+
+The server can increase the passwords entropy by concatenating it with
+a random string aka the __salt__. Users can also protect themselves
+by using longer passwords.
+
+The best method to use against plaintext password leaks and rainbow
+table attacks is to use a __Password Hash Function__. Which is a hash
+function specially designed to be slow/expensive to compute even on
+specialized hardware.
+
+## Scrypt [recommended]
+
+The [scrypt](https://www.tarsnap.com/scrypt.html) hash function uses large amounts of memory when hashing
+making it expensive to scale to the point of reasonable bruteforce
+attacks. Secure against hardware brute-force attacks.
+
+A number of cryptocurrencies use __scrypt__ for proof of work.
+
+Created by Colin Percival of [Tarsnap](https://en.wikipedia.org/wiki/Tarsnap)
+
+## Argon2d [recommended]
+
+The [Argon2d](https://en.wikipedia.org/wiki/Argon2) function is
+designed to resist GPU cracking attacks. Secure against hardware
+brute-force attacks.
+
+It is the winner of [Password Hashing Competition](https://www.password-hashing.net/).
+
+## Bcrypt
+
+[Bcrypt](https://en.wikipedia.org/wiki/Bcrypt) is based on the
+[blowfish](https://en.wikipedia.org/wiki/Blowfish_(cipher)) cipher.
+
+Vulnerable against hardware brute-force attacks.
+
+## PBKDF2
+
+[PBKDF2](https://en.wikipedia.org/wiki/PBKDF2) is an key derivation
+function with a sliding computational cost to reduce bruteforce
+search.
+
+Vulnerable against hardware brute-force attacks.
+
+## Conclusion
+
+A cool way to prevent password leaks is by __obfuscating__ them
+with a password hash functions which offer additional security
+against bruteforce from specialliazed hardware such as asics. If
+password hash functions are used and implemented correctly even the
+administrators of the server will not be able to read the users
+passwords especially if the server is open source and the users can
+audit the code for themselves.
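Review bot: the `## Argon2d [recommended]` section recommends the wrong variant for password storage. Argon2d uses data-dependent memory access, which is what gives it GPU resistance but also exposes it to side-channel attacks; the variant generally recommended for password hashing is Argon2id (RFC 9106), and the Password Hashing Competition winner is the Argon2 family, not Argon2d specifically. Two smaller accuracy points: the sentence at `+The server can increase the passwords entropy by concatenating it with` is wrong about what a salt does, since the password's entropy is fixed by the user; a salt defeats precomputed rainbow tables and makes identical passwords hash to different values, so reword it that way. And because this commit also removes the README note that scrypt is the function actually in use, the spec should state which of the two recommended functions cyrtophora uses and with what work-factor parameters. Typos: "specialliazed" should be "specialized", "asic" should be "ASIC", and "an key derivation" should be "a key derivation".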
diff --git a/spec/src/sqlite-support.md b/spec/src/sqlite-support.md
@@ -0,0 +1,11 @@
+# Sqlite Support
+
+Sqlite is supported in cyrtophora as an optional feature:
+
+```toml
+cyrtophora = { path = "../../cyrtophora/phora", features = ["sqlite"] }
+```
+When the sqlite feature is enabled user account data will be saved in
+a sqlite database.
+
+
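Review bot: the `path = "../../cyrtophora/phora"` dependency line only resolves from a checkout that sits in that exact relative position to this repository, so a reader copying it into their own Cargo.toml gets a resolution error; either document the assumed directory layout or show the non-path dependency form alongside it. Minor: there is no blank line between the closing ```` ``` ```` fence and "When the sqlite feature is enabled", the heading `# Sqlite Support` does not match SUMMARY.md's "SQLite Support", and the file ends with two trailing blank lines.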