
No verification of website

Open MaSven opened this issue 3 years ago • 3 comments

With this I don't know who the website is. So this is easily phishable, as I can just forward the signature.

MaSven avatar Feb 27 '22 12:02 MaSven

I plan to switch to signing a nonce rather than the current time. Only the website and the user would know the nonce. A fake nonce would not be recognized by the real website.

62726164 avatar Feb 27 '22 17:02 62726164

An alternative would be appending the unix timestamp with the host domain. This limits the scope of the signature to the domain (or subdomain).

In a recent project, I switched from nonce to timestamp signing for two reasons:

  • Eliminates a round-trip to request the nonce
  • Server must not remember any nonce for the client (completely stateless)

You also don't need to store the whole public key (if you don't want/need), just a hash of it. The client can then send the pub key with the signature, and you can verify that it matches your stored hash.

My implementation of this approach: https://github.com/npchat/go-npchat/blob/main/auth.go#L53

Replay is still an obvious vulnerability. There is a simple way to address this. Only accept a given timestamp once. This only requires you to store timestamps within your chosen validity threshold (e.g. 5 seconds ahead or behind).

intob avatar Mar 01 '22 19:03 intob
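To make the thread's two points concrete, here is an added example (written for this page, not code from ed25519-login or from go-npchat) of the domain-bound timestamp scheme: the client signs `<unix timestamp>|<host>`, the server keeps only a SHA-256 hash of each registered public key, and each (key, timestamp) pair is accepted once within a validity window. The message layout, the hash choice, and all names (`ClientSign`, `Verifier`, the `login.example.com` hosts) are assumptions for illustration. Because the host is inside the signed bytes, a signature the user produced for one origin does not verify at another, which is the phishing concern raised at the top of the issue.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"sync"
	"time"
)

// Distinct errors so callers can tell the failure modes apart.
var (
	ErrUnknownKey   = errors.New("public key hash not registered")
	ErrStale        = errors.New("timestamp outside validity window")
	ErrBadSignature = errors.New("signature does not verify for this host")
	ErrReplay       = errors.New("timestamp already used by this key")
)

// loginMessage is what both sides sign/verify (assumed layout): the unix
// timestamp joined to the host the client believes it is talking to.
func loginMessage(host string, ts int64) []byte {
	return []byte(strconv.FormatInt(ts, 10) + "|" + host)
}

// ClientSign is the client half: sign the current time bound to host.
func ClientSign(priv ed25519.PrivateKey, host string, ts int64) []byte {
	return ed25519.Sign(priv, loginMessage(host, ts))
}

// KeyHash is all the server stores per user instead of the full public key.
func KeyHash(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Verifier is the server half: registered key hashes plus the (key, timestamp)
// pairs accepted inside the validity window, kept only to reject replays.
type Verifier struct {
	host   string
	window time.Duration
	mu     sync.Mutex
	keys   map[string]bool  // hex(sha256(pubkey)) -> registered
	seen   map[string]int64 // hex(pubkey)+"|"+ts -> ts
}

func NewVerifier(host string, window time.Duration) *Verifier {
	return &Verifier{host: host, window: window,
		keys: map[string]bool{}, seen: map[string]int64{}}
}

// Register stores only the hash of the user's public key.
func (v *Verifier) Register(pub ed25519.PublicKey) {
	v.mu.Lock()
	defer v.mu.Unlock()
	v.keys[KeyHash(pub)] = true
}

// Verify checks one login attempt; now is a parameter so tests are deterministic.
func (v *Verifier) Verify(pub ed25519.PublicKey, ts int64, sig []byte, now time.Time) error {
	v.mu.Lock()
	defer v.mu.Unlock()
	// 1. The client sends its full public key; it must hash to a stored value.
	if !v.keys[KeyHash(pub)] {
		return ErrUnknownKey
	}
	// 2. Timestamps outside +/- window are rejected; this also bounds the replay cache.
	skew := now.Sub(time.Unix(ts, 0))
	if skew > v.window || skew < -v.window {
		return ErrStale
	}
	// 3. The signature must cover OUR host, so a signature made for another
	//    site and forwarded here fails even though the key and time are valid.
	if !ed25519.Verify(pub, loginMessage(v.host, ts), sig) {
		return ErrBadSignature
	}
	// 4. Accept each (key, timestamp) once; purge entries older than the window.
	cutoff := now.Add(-v.window).Unix()
	for k, t := range v.seen {
		if t < cutoff {
			delete(v.seen, k)
		}
	}
	id := hex.EncodeToString(pub) + "|" + strconv.FormatInt(ts, 10)
	if _, dup := v.seen[id]; dup {
		return ErrReplay
	}
	v.seen[id] = ts
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader = crypto/rand
	srv := NewVerifier("login.example.com", 5*time.Second)
	srv.Register(pub)
	now := time.Now()
	sig := ClientSign(priv, "login.example.com", now.Unix())
	fmt.Println("first login:", srv.Verify(pub, now.Unix(), sig, now))
	fmt.Println("replayed:   ", srv.Verify(pub, now.Unix(), sig, now))
	// Signature the user made for a look-alike host, forwarded to the real one:
	forwarded := ClientSign(priv, "login.example.com.evil", now.Unix()+1)
	fmt.Println("forwarded:  ", srv.Verify(pub, now.Unix()+1, forwarded, now))
}
```

The server state is exactly what the comment above describes: key hashes plus a replay cache that never grows beyond one window of timestamps per active key. Note that the stale check runs before the signature check, so an attacker cannot use the verifier as an oracle for old signatures, and that `window` has to cover the real clock skew between client and server or legitimate logins will fail.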

Yes, adding the domain to the timestamp is another good idea to limit the scope.

Thanks for the comment and the link.

62726164 avatar Mar 03 '22 19:03 62726164