On Apr 15, 2010, at 10:43 AM, Brian Dunnington <[email protected]> wrote:
replay attacks are possible and were a known compromise in deciding on the current system.
I don't think it's really necessary to fight off replay attacks. Someone mischievous could keep resending a message over and over, but it shouldn't be hard to deal with such persons in meatspace. ;)
your main point though about being able to intercept the keyhash.salt and re-use it is valid. i would love to come up with a workable solution that the Mac guys can implement as well.
In the Growl Talk protocol, authentication worked fine. All it would take on GNTP is, rather than sending the password hash, sending the hash of the body + password.
-- Patrick <[email protected]>
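The difference between the two schemes discussed in this thread, as an added example that is not part of the original messages or of the Growl code: a receiver checking a body-independent `keyhash.salt` token next to one checking a tag computed over body and password. The function names, the sample password and messages, and the simplified key derivation are assumptions, and HMAC-SHA256 stands in for the "hash of the body + password" construction.

```python
import hashlib
import hmac
import os

PASSWORD = b"constructed-password"  # constructed sample secret, not a real one


def keyhash_token(password: bytes, salt: bytes) -> str:
    """Body-independent token in the 'keyhash.salt' shape (simplified model)."""
    key = hashlib.sha256(password + salt).digest()
    return hashlib.sha256(key).hexdigest() + "." + salt.hex()


def verify_keyhash(password: bytes, token: str, body: bytes) -> bool:
    """The body never enters the check, so the token fits any message."""
    keyhash, _, salt_hex = token.partition(".")
    try:
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False
    expected = keyhash_token(password, salt).split(".")[0]
    return hmac.compare_digest(expected.encode(), keyhash.encode())


def body_tag(password: bytes, body: bytes) -> str:
    """Tag bound to the message body (HMAC used instead of a bare hash)."""
    return hmac.new(password, body, hashlib.sha256).hexdigest()


def verify_body_tag(password: bytes, tag: str, body: bytes) -> bool:
    return hmac.compare_digest(body_tag(password, body).encode(), tag.encode())


def demo() -> dict:
    original = b"Notification-Title: Build finished"  # constructed message
    altered = b"Notification-Title: Something else"   # constructed message
    token = keyhash_token(PASSWORD, os.urandom(16))   # observed once on the wire
    tag = body_tag(PASSWORD, original)                # observed once on the wire
    return {
        "keyhash_original": verify_keyhash(PASSWORD, token, original),
        "keyhash_altered": verify_keyhash(PASSWORD, token, altered),
        "tag_original": verify_body_tag(PASSWORD, tag, original),
        "tag_altered": verify_body_tag(PASSWORD, tag, altered),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(check, accepted)
```

The body-bound tag still accepts an identical message sent twice, which is the replay case the thread treats as an accepted compromise.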
