Michael Rogers lists a few attack scenarios if QR codes can be reused. They are mainly based on the attacker being able to access the QR code and performing the verified contact workflow.
Allowing AUTH codes to be used only once mitigates this attack because we can warn the person who showed the invite code that there were two attempts to use it.
(This issue is part of the feedback on the messaging@moderncrypto mailing list #61)
One problem I see with this solution is DoS attacks and reacting to connection attempts after a (seemingly) successful verification. In particular, an observer of the mail exchange could resend Bob's 'vc-request-with-auth' message from a different email address. My understanding is that this would look like a second legitimate contact request, which would lead to a warning and error case. It would not allow reading encrypted messages, but it would cause doubt on the legitimate verification attempt.
With #66 Alice will only perform the check in step 5, where she also receives the AUTH token. Therefore she can easily distinguish legitimate QR code scans from replay attacks. If an attacker attempts a replay from a different email address, the error message would mention this email address rather than Bob's.