Re: [Babel-users] About an authentication extension

I see, however the project has already been accepted so i will have to do it anyway :( Maybe i can think not to use random numbers but something to make it more difficult that a false ciphertext be accepted by other nodes. Thanks, i will use the references to point out the vulnerabilities. El

Re: [Babel-users] About an authentication extension

>Right, I see. Are you familiar with the HMAC extension to babel >(RFC7298)? That does something different (it prevents nodes that don't >know the shared secret from participating in the network at all, but >does not restrict which prefixes each node can export). However, it may >be useful to read

Re: [Babel-users] About an authentication extension

Rodrigo Garcia writes: >> But if everyone knows how to decrypt all the tokens they are not really >> secret; so it basically becomes the same as a signature, no? Except if >> it's *not* signed you may be able to spoof other values by changing the >> ciphertext of a valid token