No, seriously, how does it work?
So you like technical stuff, eh? Without getting too technical, here it is:
Every time your XIM connects to the server, it sends your URL, your PIN number and the nonce, hashed. Hashing is a method that generates an irreversible computation of the data given, so nobody can "crack open" this and get your PIN out of it. Before signing in, XIM combines your URL, your PIN number and the nonce (one-time key) it receives, and sends the result to the server. The server, when it gets the connection, does the exact same thing, and then compares the data it generated with the data it got from your computer. If they match, you are given the green light to log in. If they don't, the server rejects the connection.
What's a nonce?
A nonce is a series of random numbers and letters, used only once. Each time XIM connects to the server, the server creates a new nonce for your computer. This is combined with your URL and PIN to prevent replay attacks.
How's my PIN stored?
Your PIN is stored as a hashed string on the server.
What is used to hash the data?
is used to hash XIM PIN data.
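The sign-in exchange described in the answers above, as an added Python example that is not XIM's own code. It assumes SHA-256 as the hash, a "|" separator between fields, and a server that keeps only SHA-256(PIN); the account URL and PIN are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Assumptions (not XIM's actual code): SHA-256 as the hash, "|" as the field
# separator, and the server keeping SHA-256(PIN) rather than the PIN itself.

def h(*parts: str) -> str:
    """Hash the given parts joined with a separator."""
    return hashlib.sha256("|".join(parts).encode()).hexdigest()

def client_response(url: str, pin: str, nonce: str) -> str:
    """What the client sends: hash of URL, hashed PIN and the server's nonce."""
    return h(url, h(pin), nonce)

class Server:
    def __init__(self):
        self.pin_hashes = {}   # url -> SHA-256(PIN), as stored at rest
        self.pending = {}      # url -> nonce issued for the next login only

    def register(self, url: str, pin: str) -> None:
        self.pin_hashes[url] = h(pin)

    def issue_nonce(self, url: str) -> str:
        nonce = secrets.token_hex(16)   # fresh random value per connection
        self.pending[url] = nonce
        return nonce

    def verify(self, url: str, response: str) -> bool:
        # pop() consumes the nonce, so a captured response cannot be reused.
        nonce = self.pending.pop(url, None)
        stored = self.pin_hashes.get(url)
        if nonce is None or stored is None:
            return False
        expected = h(url, stored, nonce)
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo() -> dict:
    """Constructed sample account; returns the outcome of each attempt."""
    srv = Server()
    url, pin = "http://example.com/alice", "4821"
    srv.register(url, pin)
    captured = client_response(url, pin, srv.issue_nonce(url))
    results = {"login": srv.verify(url, captured)}
    results["replay_same_nonce"] = srv.verify(url, captured)   # nonce used up
    srv.issue_nonce(url)
    results["replay_new_nonce"] = srv.verify(url, captured)    # nonce differs
    results["wrong_pin"] = srv.verify(url, client_response(url, "0000", srv.issue_nonce(url)))
    return results
```

Calling `demo()` shows the first login accepted and both replays of the captured response rejected, once because the nonce was already consumed and once because the server issued a different one.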