5

Mitigation against replay attack

  • Live

D3v

Currently the authentication and authorization system utilizes only the digital signature, the so-called addressSignedMessage. If someone somehow gathers this signature from the browser or uses a highly sophisticated MITM, they will get an unexpirable authentication credential. It is recommended to include some kind of nonce and/or timestamp-based mitigation system.
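A sketch of the nonce-plus-timestamp mitigation suggested above, as an added example that is not part of the original post or the project's code. The challenge message format, function names and five-minute window are assumptions, and Node's Ed25519 signing stands in for the wallet signature behind addressSignedMessage so the block runs offline.

```javascript
const crypto = require('node:crypto');

const MAX_AGE_MS = 5 * 60 * 1000; // assumed validity window for a challenge
const issued = new Map();         // nonce -> {address, issuedAt}; a shared TTL store in production

// Server: issue a one-time challenge the wallet must sign (message format is hypothetical).
function issueChallenge(address, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  issued.set(nonce, { address, issuedAt: now });
  return `Sign in as ${address}\nNonce: ${nonce}\nIssued-At: ${now}`;
}

// Server: accept a signed challenge at most once and only inside the window.
function verifyLogin(address, message, signature, publicKey, now = Date.now()) {
  const m = /^Sign in as (.+)\nNonce: ([0-9a-f]{32})\nIssued-At: (\d+)$/.exec(message);
  if (!m || m[1] !== address) return 'malformed';
  const entry = issued.get(m[2]);
  if (!entry || entry.address !== address || entry.issuedAt !== Number(m[3])) {
    return 'unknown-or-used-nonce';
  }
  if (now - entry.issuedAt > MAX_AGE_MS) {
    issued.delete(m[2]);
    return 'expired';
  }
  // Ed25519 stands in for the wallet signature check (assumption, see lead-in).
  if (!crypto.verify(null, Buffer.from(message), publicKey, signature)) return 'bad-signature';
  issued.delete(m[2]); // consume the nonce: a captured signature cannot be replayed
  return 'ok';
}

// Constructed run: a fresh login, a replay of the same signature, and a stale challenge.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const address = '0xCONSTRUCTED_ADDRESS';
  const t0 = 1700000000000;
  const login = (msg, at) =>
    verifyLogin(address, msg, crypto.sign(null, Buffer.from(msg), privateKey), publicKey, at);
  const msg = issueChallenge(address, t0);
  const first = login(msg, t0 + 1000);
  const replay = login(msg, t0 + 2000);
  const late = login(issueChallenge(address, t0), t0 + MAX_AGE_MS + 1);
  return { first, replay, late };
}

console.log(demo());
```

The nonce is consumed only after the signature verifies, so a third party cannot burn a pending challenge by submitting garbage for it.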


Activity

brunya.eth

Status changed to: Live