[gnome-keysign: 2/3] Merge MAC verification when using wormhole

From: Ludovico de Nittis <denittis src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-keysign: 2/3] Merge MAC verification when using wormhole
Date: Mon, 1 Oct 2018 10:07:20 +0000 (UTC)

commit 2a67b564057ceb7e4a9cb20b1d15669b80ce16d3
Merge: 9f12d39 bf9637d
Author: muelli <muelli cryptobitch de>
Date:   Sun Aug 26 20:07:48 2018 +0200

    Merge MAC verification when using wormhole
    
    So far the QR code was pretty much public information. It did not really contain information that 
compromises your security. Now with wormhole that changes, because it contains the key we chose for the 
wormhole channel. We base the security of the transfer on the security of scanning the barcode. It is still 
public and an attacker getting hold of the QR code before the user can scan it can now cause a DoS. But 
that's still better than being able to inject arbitrary keys.

 keysign/discover.py        |  2 +-
 keysign/wormholereceive.py | 49 ++++++++++++++++++++++++++++++++--------------
 2 files changed, 35 insertions(+), 16 deletions(-)
---

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]