A while back, I noted that it's less than ideal how an AbiathRPC server could order the client to sign any value it chose, as long as it was the same length as a SHA256 hash. Putting the client in complete control of the message to be signed is also very bad, since that would enable replay attacks. I know I can't completely solve man-in-the-middle attacks without some sort of PKI, but I came to a good solution: have the server and the client both contribute to the signed message.
Now, the server still sends an authentication challenge for VeriMaps authentication, but the method that accepts the signed version now takes another part of the message in addition to the signature. When authenticating, the client generates a random bunch of bytes, appends that to the stuff received as the server's challenge, computes the SHA256 hash, and signs that.
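The handshake described above, written out as an added Go example; this is not AbiathRPC or VeriMaps code, and the names (Server, IssueChallenge, ClientRespond, Verify, RunHandshake) and the choice of Ed25519 with a 32-byte challenge and nonce are my assumptions. It goes one step past the text by having the server remember each challenge it issued and consume it on a successful login, which is what makes the replay defence hold on the server side as well.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"sync"
)

// Server tracks challenges it has issued but not yet consumed.
// Hypothetical structure for this example, not the real RPC server.
type Server struct {
	mu      sync.Mutex
	pending map[[32]byte]bool
}

func NewServer() *Server {
	return &Server{pending: make(map[[32]byte]bool)}
}

// IssueChallenge returns a fresh random 32-byte challenge and records it.
func (s *Server) IssueChallenge() ([]byte, error) {
	var c [32]byte
	if _, err := rand.Read(c[:]); err != nil {
		return nil, err
	}
	s.mu.Lock()
	s.pending[c] = true
	s.mu.Unlock()
	return c[:], nil
}

// messageToSign is the rule both sides agree on: SHA256(challenge || nonce).
// Neither party alone decides what gets signed.
func messageToSign(challenge, nonce []byte) []byte {
	h := sha256.New()
	h.Write(challenge)
	h.Write(nonce)
	return h.Sum(nil)
}

// ClientRespond adds the client's own random bytes, hashes, and signs.
func ClientRespond(priv ed25519.PrivateKey, challenge []byte) (nonce, sig []byte, err error) {
	nonce = make([]byte, 32)
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	sig = ed25519.Sign(priv, messageToSign(challenge, nonce))
	return nonce, sig, nil
}

// Verify recomputes the digest from the challenge it issued plus the
// client's nonce, checks the signature, and retires the challenge so the
// same (nonce, signature) pair cannot be presented twice.
func (s *Server) Verify(pub ed25519.PublicKey, challenge, nonce, sig []byte) error {
	if len(challenge) != 32 || len(nonce) < 16 {
		return errors.New("bad challenge or nonce length")
	}
	var key [32]byte
	copy(key[:], challenge)
	s.mu.Lock()
	defer s.mu.Unlock()
	if !s.pending[key] {
		return errors.New("unknown or already-used challenge")
	}
	if !ed25519.Verify(pub, messageToSign(challenge, nonce), sig) {
		return errors.New("signature does not verify")
	}
	delete(s.pending, key) // one challenge, one successful login
	return nil
}

// RunHandshake exercises a tampered nonce, the honest login, and a replay.
// Order matters: the tampered attempt comes first so the challenge is
// still pending and the failure is the signature check, not consumption.
func RunHandshake() (first, replay, tampered error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err, err, err
	}
	srv := NewServer()
	challenge, err := srv.IssueChallenge()
	if err != nil {
		return err, err, err
	}
	nonce, sig, err := ClientRespond(priv, challenge)
	if err != nil {
		return err, err, err
	}
	bad := append([]byte(nil), nonce...)
	bad[0] ^= 1 // a middleman altering the client's contribution
	tampered = srv.Verify(pub, challenge, bad, sig)
	first = srv.Verify(pub, challenge, nonce, sig)
	replay = srv.Verify(pub, challenge, nonce, sig)
	return first, replay, tampered
}

func main() {
	first, replay, tampered := RunHandshake()
	fmt.Println("honest login:", first)
	fmt.Println("replay:", replay)
	fmt.Println("tampered nonce:", tampered)
}
```

The digest over challenge and nonce is what gets signed, so the server can no longer pick a 32-byte value of its choosing and have the client sign it blind, and the client cannot reuse an old answer because the server-side half is fresh and retired after one use.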