Connection: oops, we're vulnerable to a replay attack
parent 3bdbad150c
commit 97da517a0e
1 changed files with 3 additions and 0 deletions
|
@ -177,6 +177,9 @@ class Connection extends EventEmitter {
|
||||||
|
|
||||||
// TODO: Consider anonymous TLS, with jpake for mututal authentication
|
// TODO: Consider anonymous TLS, with jpake for mututal authentication
|
||||||
// TODO: Consider https://devdocs.io/node/crypto#crypto.createCipheriv() - which lets us use any openssl ciphers we like - e.g. ChaCha20-Poly1305
|
// TODO: Consider https://devdocs.io/node/crypto#crypto.createCipheriv() - which lets us use any openssl ciphers we like - e.g. ChaCha20-Poly1305
|
||||||
|
|
||||||
|
// TODO: We're currently vulnerable to a replay attack. We need to mitigate this somehow.
|
||||||
|
|
||||||
let payload = JSON.stringify({ event, message });
|
let payload = JSON.stringify({ event, message });
|
||||||
payload = encrypt_bytes(
|
payload = encrypt_bytes(
|
||||||
this.session_key,
|
this.session_key,
|
||||||
|
|
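Review bot: The new TODO above `let payload = JSON.stringify({ event, message });` records the replay problem but gives no direction for the fix, and the serialized object still carries only `event` and `message`, so nothing visible in the payload is unique per message. Consider adding a per-connection, monotonically increasing sequence number to the object before it is passed to `encrypt_bytes`, and having the receiver drop any message whose number is not greater than the last one it accepted. If the cipher mode behind `encrypt_bytes` supports associated data, the counter can be bound there instead. It would also help to make the comment say which direction is preferred, or to point it at a tracking issue, so that "somehow" does not stay in the code indefinitely.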