I see; however, the project has already been accepted, so I will have to
do it anyway :(
Maybe I can think of using not random numbers but something that makes it
more difficult for a false ciphertext to be accepted by other nodes.
Thanks, I will use the references to point out the vulnerabilities.
El
>Right, I see. Are you familiar with the HMAC extension to Babel
>(RFC7298)? That does something different (it prevents nodes that don't
>know the shared secret from participating in the network at all, but
>does not restrict which prefixes each node can export). However, it may
>be useful to read
Rodrigo Garcia writes:
>> But if everyone knows how to decrypt all the tokens they are not really
>> secret; so it basically becomes the same as a signature, no? Except if
>> it's *not* signed you may be able to spoof other values by changing the
>> ciphertext of a valid token