From 97da517a0e125a1a2bc012f7c93a77c1b7c7394c Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs <sbrl@starbeamrainbowlabs.com>
Date: Wed, 9 Feb 2022 03:03:45 +0000
Subject: [PATCH] Connection: oops, we're vulnerable to a replay attack

---
 src/lib/transport/Connection.mjs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/lib/transport/Connection.mjs b/src/lib/transport/Connection.mjs
index 70c5253..6bc389b 100644
--- a/src/lib/transport/Connection.mjs
+++ b/src/lib/transport/Connection.mjs
@@ -177,6 +177,9 @@ class Connection extends EventEmitter {
 		
 		// TODO: Consider anonymous TLS, with jpake for mututal authentication
 		// TODO: Consider https://devdocs.io/node/crypto#crypto.createCipheriv() - which lets us use any openssl ciphers we like - e.g. ChaCha20-Poly1305
+		
+		// TODO: We're currently vulnerable to a replay attack. We need to mitigate this somehow.
+		
 		let payload = JSON.stringify({ event, message });
 		payload = encrypt_bytes(
 			this.session_key,