Author: Johnathan Corgan 2013-11-02 21:14:22
Published on: 2013-11-02T21:14:22+00:00
In an email sent on 11th January 2013, bitcoingrant at gmx.com expressed concern about signing an arbitrary string. He suggested that the server should provide a token for the client to sign, rather than an arbitrary string that could be a hash of $EVIL_DOCUMENT. Johnathan Corgan responded to this email and suggested that he would want to XOR the string with his own randomly generated nonce, sign the result, and then pass the nonce and the signature back to the server for verification. Johnathan Corgan is associated with Corgan Labs, which provides SDR training and development services. The email contained two non-text attachments: johnathan.vcf and signature.asc.
Updated on: 2023-06-07T18:56:57.944472+00:00
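
The exchange described in the summary, as an added example that is not code from the thread: the client signs `challenge XOR nonce`, so the server never chooses the exact bytes that get signed. The function names are hypothetical, and a Lamport one-time signature (a fresh key pair per signature) stands in for the client's real signing key so the block runs on the Python standard library alone.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# --- Stand-in signature: Lamport one-time scheme (assumption, not from the thread) ---
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _bits(msg: bytes):
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # Reveal one secret per bit of SHA-256(msg).
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, _bits(msg))))

# --- The exchange from the thread ---
def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))

def client_respond(sk, challenge: bytes):
    # Client blinds the server's string with its own random nonce before signing.
    nonce = secrets.token_bytes(len(challenge))
    return nonce, sign(sk, xor(challenge, nonce))

def server_verify(pk, challenge: bytes, nonce: bytes, sig) -> bool:
    # Server recomputes challenge XOR nonce and checks the signature over that value.
    if len(nonce) != len(challenge):
        return False
    return verify(pk, xor(challenge, nonce), sig)

if __name__ == "__main__":
    sk, pk = keygen()
    # Constructed sample: a challenge that is secretly the hash of some document.
    challenge = H(b"constructed sample: document the client never saw")
    nonce, sig = client_respond(sk, challenge)
    print("server accepts response:", server_verify(pk, challenge, nonce, sig))
    print("signature valid for raw challenge:", verify(pk, challenge, sig))
```
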