Connection: Update comment on replay attack
We still have the same problem, but the solution to it is much simpler than we first thought....
This commit is contained in:
parent 1c5f5fb37a
commit 837804ec22
1 changed files with 7 additions and 4 deletions
@ -175,10 +175,13 @@ class Connection extends EventEmitter {
if(new Date() - this.rekey_last > this.rekey_interval && !this.rekey_in_progress)
await this.rekey();
// TODO: Consider anonymous TLS, with jpake for mututal authentication
// TODO: Consider https://devdocs.io/node/crypto#crypto.createCipheriv() - which lets us use any openssl ciphers we like - e.g. ChaCha20-Poly1305
// TODO: We're currently vulnerable to a replay attack. We need to mitigate this somehow - probably by maintaining a sequence number. Instead of sending the sequence number though we should instead compute a MAC that also includes the message length and a bunch of other things etc. Of course, we will also need to make sure we don't fall afoul of mac-then-encrypt, encrypt-then-mac, etc issues...
/*
TODO: Consider anonymous TLS, with jpake for mututal authentication
TODO: Consider https://devdocs.io/node/crypto#crypto.createCipheriv() - which lets us use any openssl ciphers we like - e.g. ChaCha20-Poly1305
TODO: We're currently vulnerable to a replay attack. We need to mitigate this somehow - probably by maintaining a sequence number. Instead of sending the sequence number though we should instead compute a MAC that also includes the message length and a bunch of other things etc. Of course, we will also need to make sure we don't fall afoul of mac-then-encrypt, encrypt-then-mac, etc issues...
Ref https://www.rfc-editor.org/rfc/rfc4346#appendix-F.2 for the sequence counter in TLS
We do *not* need another manual MAC, as tweetnacl's secretbox uses xsalsa20-poly1305, which is an *authenticated* encryption algorithm. Thus, all we need do is prepend the plaintext with a sequence number.
*/
let payload = JSON.stringify({ event, message });
payload = encrypt_bytes(
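Review bot: the new block comment records the intended fix (prepend a sequence number to the plaintext before secretbox seals it), but the unchanged lines at the end of the hunk still build `payload = JSON.stringify({ event, message })` and hand it straight to `encrypt_bytes(`, so the replay exposure the comment describes is exactly as before; either add the counter to the payload in this change or keep an explicit TODO marker in the comment so the open item is not lost now that the `// TODO:` prefix has been dropped. Two points worth capturing in the comment while it is being rewritten: prepending the counter only authenticates it, so the receiving side must also remember the last accepted value and reject anything that is not strictly greater (RFC 4346 F.2, which the comment cites, relies on the receiver checking the counter), and the counter needs a defined relationship to the `this.rekey()` call a few lines above (reset on rekey, or never reset, but decided and documented). Minor: "mututal" in the TLS/jpake line is misspelled in both the old and the new text.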