Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto hardening #101

Open
3 tasks
indomitableSwan opened this issue Aug 19, 2022 · 0 comments
Open
3 tasks

crypto hardening #101

indomitableSwan opened this issue Aug 19, 2022 · 0 comments
Labels

Comments

@indomitableSwan
Copy link
Contributor

indomitableSwan commented Aug 19, 2022

Non-exhaustive list:

  • Document the need for serializing input passed to hash functions and other cryptographic primitives and create appropriate implementation issues. Encoding of inputs should be unambiguous. e.g., prepend lengths of concatenated inputs to Hash functions, as in Hash("5" || "Alice" || "6" || "Victor").
  • Harden spec & implementation against misuse of the import_key functionality. Imported keys have inherently different security properties than keys that are generated internally by Lock Keeper. The implementation should make it difficult to misuse, and the protocols should protect the key server against unknowingly viewing an externally generated key as as internally generated key.
  • Harden spec & implementation against misuse of keys generated locally by the client. Keys generated client-side have inherently different security properties than keys that are generated by the Lock Keeper key server. This becomes especially important with the introduction of keys with shared control, i.e., with a policy engine.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant