Key commitment / Oracle? #7

Open
eau-u4f opened this issue Aug 17, 2021 · 0 comments
Labels: enhancement (New feature or request), question (Further information is requested)

Comments


eau-u4f commented Aug 17, 2021

We are using AEAD inside this library; should we implement a key commitment scheme?
Keys are pseudo-random (KDF, so I lean toward a KISS: no). The validation endpoint might act as an oracle in a potential key partitioning attack against the cookie; let's verify and make sure it does not happen.
Key commitment could just remove that risk.

References:

eau-u4f added the enhancement and question labels Aug 17, 2021
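
One way the key commitment raised in this issue could look, as an added example that is not this project's code: the token carries a commitment derived from the key, and validation compares it before AES-GCM runs. The `Seal`/`Open`/`derive` names, the labels, the token layout, the use of AES-256-GCM and the fixed 32-byte master key are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// derive: GCM key and public commitment via domain-separated HMAC-SHA256 (labels are hypothetical).
func derive(master *[32]byte) (cipher.AEAD, []byte) {
	prf := func(label string) []byte {
		m := hmac.New(sha256.New, master[:])
		m.Write([]byte(label))
		return m.Sum(nil)
	}
	block, _ := aes.NewCipher(prf("example/enc")) // 32-byte key: cannot fail
	aead, _ := cipher.NewGCM(block)               // AES block: cannot fail
	return aead, prf("example/commit")
}

// Seal returns commitment || nonce || AES-GCM ciphertext.
func Seal(master *[32]byte, plaintext, aad []byte) ([]byte, error) {
	aead, commit := derive(master)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(append(commit, nonce...), nonce, plaintext, aad), nil
}

// Open checks the commitment in constant time before GCM runs.
func Open(master *[32]byte, token, aad []byte) ([]byte, error) {
	aead, commit := derive(master)
	n := len(commit) + aead.NonceSize()
	if len(token) < n+aead.Overhead() || !hmac.Equal(token[:len(commit)], commit) {
		return nil, errors.New("commitment check failed")
	}
	return aead.Open(nil, token[len(commit):n], token[n:], aad)
}

func main() {
	var key [32]byte // constructed all-zero demo key
	tok, _ := Seal(&key, []byte("session=demo"), nil)
	pt, err := Open(&key, tok, nil)
	fmt.Printf("%s %v\n", pt, err)
}
```

The fixed-size key type matters: HMAC zero-pads short keys, so variable-length keys would let two different keys share one commitment.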