Connection: oops, we're vulnerable to a replay attack

This commit is contained in:
Starbeamrainbowlabs 2022-02-09 03:03:45 +00:00
parent 3bdbad150c
commit 97da517a0e
Signed by: sbrl
GPG key ID: 1BE5172E637709C2

View file

@ -177,6 +177,9 @@ class Connection extends EventEmitter {
// TODO: Consider anonymous TLS, with jpake for mututal authentication // TODO: Consider anonymous TLS, with jpake for mututal authentication
// TODO: Consider https://devdocs.io/node/crypto#crypto.createCipheriv() - which lets us use any openssl ciphers we like - e.g. ChaCha20-Poly1305 // TODO: Consider https://devdocs.io/node/crypto#crypto.createCipheriv() - which lets us use any openssl ciphers we like - e.g. ChaCha20-Poly1305
// TODO: We're currently vulnerable to a replay attack. We need to mitigate this somehow.
let payload = JSON.stringify({ event, message }); let payload = JSON.stringify({ event, message });
payload = encrypt_bytes( payload = encrypt_bytes(
this.session_key, this.session_key,