XIM - XKit 7 - The Browser Extension for Tumblr


The XKit Instant Messenger

What is XIM PIN?

XIM PIN is a four digit number associated with your Tumblr URL.
It is used so that only you can access XIM using your URL, and not others.

How does it work?

For a such complex system like, it's easy.

Simple! If you have no XIM PIN set, you'll be asked to create a PIN number with 4 digits.
After that, it'll be saved to your computer, and XIM will send your PIN each time you connect.
If you reset XKit or switch to another computer, XIM server will require you to enter your XIM PIN before signing in.

Help! I can't access XIM!

Forgot your XIM PIN?

You can now reset your XIM PIN by using XIM only, no need to contact me to get your PIN reset.
Just click on "Reset my PIN" button on the "Enter PIN" window, and in ~30 seconds, the server will reset your XIM PIN.

No, seriously, how does it work?

So you like technical stuff, eh? Without getting too technical, here it is:


Every time your XIM connects to the server, it sends your URL and your PIN number and the nonce, hashed. Hashing is an method that generates an irreversible computation of the data given, so nobody can "crack open" this and get your PIN out of it. Before signing in, XIM combines your URL and your PIN number and the nonce (one-time key) it receives, and sends it to the server. The server, when it gets the connection, does the exact same thing, and then compares the data it generated with the data it got from your computer. If they match, you are given green light to log in. If they don't, it will reject the connection.

What's a nonce?

A nonce is a series of random number and letters, used only once. Each time XIM connects to the server, the server creates a new nonce for your computer. This is combined with your URL and PIN to prevent reply attacks.

How's my PIN stored?

Your PIN is stored as a hashed string on the server.

What is used to hash the data?

MD5 is used to hash XIM PIN data.