LuckPermsWeb icon indicating copy to clipboard operation
LuckPermsWeb copied to clipboard

Published 20 hours ago verified publisher icon LuckPerms

Suggestion to Change RSASSA-PKCS1-v1_5 Padding Mode for Improved Security

Open tianjk99 opened this issue 1 year ago • 0 comments

Please check if there is an issue with signing using RSASSA-PKCS1-v1_5 padding mode.

  1. src/util/ws.js, line 31
  2. src/util/ws.js, line 290
  3. src/util/ws.js, line 304

It's important to note that the PKCS#1 v1.5 padding scheme is considered insecure due to vulnerabilities, such as the RSA-PKCS1-v1_5-Attack in RSA signatures. To enhance the security of your code, I would recommend considering a switch to the RSASSA-PSS (Probabilistic Signature Scheme) padding scheme.

tianjk99 avatar Dec 22 '23 07:12 tianjk99