Ryan Smith
Ryan Smith
Ah, I suppose that auth-size can be known prior to ecies encryption using: `len(auth-body || auth-padding) + 113`. Does that sound correct?
@honi Can you submit a PR? I would love to see this improvement integrated into the project. @gunta Would you cut a new release if @honi made a PR?
+1 I am quite surprised to find that there is no easy way to prevent this attack. This is a pretty easy attack to create too.
I should also add that it is good security practice to always set timeouts on reading and writing along with the max number of bytes you would want to accept....
+1 I feel like this changed recently and the new behaviour adds key strokes to a common activity.