[Babel-users] About an authentication extension

Toke Høiland-Jørgensen toke at toke.dk
Mon Sep 11 07:35:24 UTC 2017


Rodrigo Garcia <strysg at riseup.net> writes:

> I see, however the project has already been accepted so I will have to
> do it anyway :(
>
> Maybe I can think not to use random numbers but something to make it
> more difficult that a false ciphertext be accepted by other nodes.

Well, the way you avoid this is to do a proper signature. You could do
something like SIGN(CONCAT(prefix, router_id, nonce)) and use that as
your token. The exact information you use for the signature has to be
decided based on your threat analysis, which is why I suggested you take
a step back and do one. For instance, you may want to add a timestamp so
you can expire signatures after a while.

> Thanks, I will use the references to point out the vulnerabilities.

Good luck! :)

-Toke
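
The SIGN(CONCAT(prefix, router_id, nonce)) token with an expiring timestamp, sketched as an added example that is not part of the original message or of any Babel implementation. Assumptions: HMAC-SHA256 under a shared key stands in for SIGN (a public-key signature would slot into the same place), and the field encoding, the 300-second window and all names and sample values are hypothetical.

```python
import hashlib
import hmac
import struct
import time

# Constructed sample values, not taken from the thread.
KEY = b"constructed-demo-key"
PREFIX = b"2001:db8:1::/48"
ROUTER_ID = bytes.fromhex("0011223344556677")
NONCE = b"\x00\x00\x00\x2a"


def encode(prefix, router_id, nonce, ts):
    # Length-prefix every field so CONCAT is unambiguous: otherwise
    # (b"ab", b"c") and (b"a", b"bc") would yield the same signed bytes.
    out = b""
    for field in (prefix, router_id, nonce):
        out += struct.pack("!H", len(field)) + field
    return out + struct.pack("!Q", ts)


def sign(key, prefix, router_id, nonce, ts):
    # Stand-in for SIGN(): a keyed MAC over the encoded fields (assumption).
    return hmac.new(key, encode(prefix, router_id, nonce, ts), hashlib.sha256).digest()


class Verifier:
    def __init__(self, key, max_age=300):
        self.key = key
        self.max_age = max_age  # assumed expiry policy, in seconds
        self.seen = {}          # (router_id, nonce) -> timestamp

    def verify(self, prefix, router_id, nonce, ts, token, now=None):
        now = int(time.time()) if now is None else now
        if abs(now - ts) > self.max_age:
            return "expired"
        expected = sign(self.key, prefix, router_id, nonce, ts)
        if not hmac.compare_digest(expected, token):  # constant-time compare
            return "bad-signature"
        # Forget nonces whose tokens would be rejected as expired anyway.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.max_age}
        if (router_id, nonce) in self.seen:
            return "replay"
        self.seen[(router_id, nonce)] = ts
        return "ok"
```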


