On 26 Oct 2016 3:17 a.m., "Michael" <[email protected]> wrote:
>
> Well I took a look into the code, not my primary language but readable, and have some concerns and some suggestions...
>
> # Concerns
>
> Opening signing up to an API is a very bad idea especially if the server administrator is using keys vulnerable to "known word" attacks, below is a link to the severity and key types affected.
>
> https://en.m.wikipedia.org/wiki/Digital_Signature_Algorithm#Sensitivity
>
> While sub key use may mitigate this; the whole concept of clients sending data for servers to process is fraught with danger... I will confess that I didn't read deep enough into the servers' side to inspect if the received strings were being scrubbed, nor do I have the expertise to know what that would look like in Python but I've enough knowledge to know that it's tough no matter the language

You're right, casually I have modified the algorithm a few hours ago for that reason :). I am in the process of developing the idea and all comments are welcome. English is not my native language so I'll read the rest of your mail tomorrow.

Greetings and good night :)

--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
