Author: Mark Friedenbach 2013-11-02 21:51:22
Published on: 2013-11-02T21:51:22+00:00
The context is a PGP signed message with a discussion between two individuals, Johnathan Corgan and bitcoingrant@gmx.com. The discussion revolves around the concern of signing an arbitrary string by the client when the server provides a token. Johnathan expresses his concern about the possibility of signing an evil document hash instead of the intended string. He suggests XORing the string with a randomly generated nonce before signing it to ensure security. The conversation ends with a PGP signature from Johnathan.
Updated on: 2023-06-07T18:54:03.659683+00:00