passport-js

Implement more secure AppId

Open hthetiot opened this issue 7 years ago • 2 comments

Currently, AppIds generated on https://telepass.me are sequential (10003, 10004) and can allow an attacker to simply write a script to list all client Ids.

Possible solution:

  • Generate UUID
  • Apply XOR on AppId with a secret salt

hthetiot, Nov 25 '16 04:11
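
The two proposals above, compared side by side as an added example that is not part of the original issue or the passport-js code base: XOR with a fixed salt leaves the relationship between neighbouring ids intact, while a random UUID does not. The names `xorMask`, `saltCancels`, `newAppId` and `AppRegistry`, and the 32-bit salt width, are assumptions made for illustration.

```javascript
// Added example (not project code): evaluates both AppId proposals.
const crypto = require('node:crypto');

// Proposal 2: XOR a sequential id with a secret salt.
// Assumption: ids and salt fit in 32 bits.
function xorMask(seqId, salt) {
  return (seqId ^ salt) >>> 0;
}

// The salt cancels when two masked ids are XORed together, so the masked
// values of 10003 and 10004 still differ only in their low bits. The ids
// look scrambled but stay as closely related as the raw sequence.
function saltCancels(a, b, salt) {
  return (xorMask(a, salt) ^ xorMask(b, salt)) === (a ^ b);
}

// Proposal 1: a version-4 UUID, 122 random bits from the platform CSPRNG.
function newAppId() {
  return crypto.randomUUID();
}

// Hypothetical registry: the sequential key stays internal as a storage
// detail, and only the random UUID is ever handed to clients.
class AppRegistry {
  constructor() {
    this.nextSeq = 10003;
    this.byPublicId = new Map();
  }

  register(name) {
    const app = { seq: this.nextSeq++, appId: newAppId(), name };
    this.byPublicId.set(app.appId, app);
    return app.appId;
  }

  // Lookup accepts only the public UUID and never returns the internal seq.
  lookup(appId) {
    const app = this.byPublicId.get(appId);
    return app ? { appId: app.appId, name: app.name } : null;
  }
}
```

Whichever identifier format is used, the client id is only an identifier: authorization checks and rate limiting on the lookup endpoint still apply.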