Message Signing based authentication



Summary:

In an email exchange between Johnathan Corgan and bitcoingrant, the concern was a server asking the client to sign an arbitrary string of the server's choosing. Bitcoingrant pointed out that the string might be a hash of $EVIL_DOCUMENT, so signing it blindly could pose a security threat. He recommended XORing the string with a randomly generated nonce, signing the result, and passing both the nonce and the signature back to the server for verification. Johnathan agreed with this suggestion.

The conversation also touched on the little-known HTTP status code 402, "Payment Required," which was originally intended for some form of digital cash or micropayment scheme but is not typically used. For example, Apple's defunct MobileMe service generated a 402 error if the account was delinquent, and YouTube uses this status if a particular IP address has made excessive requests, requiring the person to enter a CAPTCHA.

Lastly, Johnathan provided his contact information and a link to his company's website, Corgan Labs, which provides SDR Training and Development Services. The email was sent through the Bitcoin-development mailing list.
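The challenge-response flow proposed in the exchange, as an added example that is not code from the mailing-list thread or from either participant: the server issues a random challenge, the client XORs it with a fresh nonce of its own, signs the hash of the mixed value, and returns nonce and signature; the server recomputes the mixed value and verifies. Ed25519 from Go's standard library stands in for the ECDSA/secp256k1 signatures a Bitcoin client would actually use, the 32-byte challenge and nonce length is an assumption, and the function names are hypothetical. The point the code makes is that the client never produces a signature over bytes chosen by the server alone, so a challenge that is secretly a document hash yields nothing the server can present as a signature over that hash.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// challengeLen is the byte length of both the server challenge and the client
// nonce; 32 bytes is an assumption made for this example.
const challengeLen = 32

// mixChallenge XORs the server's challenge with the client's nonce so that the
// bytes actually signed are not chosen by the server alone.
func mixChallenge(challenge, nonce []byte) ([]byte, error) {
	if len(challenge) != challengeLen || len(nonce) != challengeLen {
		return nil, errors.New("challenge and nonce must both be 32 bytes")
	}
	mixed := make([]byte, challengeLen)
	for i := range mixed {
		mixed[i] = challenge[i] ^ nonce[i]
	}
	return mixed, nil
}

// messageDigest is what gets signed: a SHA-256 hash of the mixed challenge.
func messageDigest(mixed []byte) []byte {
	d := sha256.Sum256(mixed)
	return d[:]
}

// Client holds the user's long-term signing key.
type Client struct {
	priv ed25519.PrivateKey
}

// NewClient generates a fresh keypair and returns the client plus the public
// key the server would have registered for this user.
func NewClient() (*Client, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Client{priv: priv}, pub, nil
}

// Respond draws a random nonce, XORs it into the challenge, signs the digest
// of the result, and returns nonce and signature for the server to check.
func (c *Client) Respond(challenge []byte) (nonce, sig []byte, err error) {
	nonce = make([]byte, challengeLen)
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	mixed, err := mixChallenge(challenge, nonce)
	if err != nil {
		return nil, nil, err
	}
	sig = ed25519.Sign(c.priv, messageDigest(mixed))
	return nonce, sig, nil
}

// NewChallenge is the server side: a fresh random challenge per login attempt.
func NewChallenge() ([]byte, error) {
	c := make([]byte, challengeLen)
	_, err := rand.Read(c)
	return c, err
}

// Verify is the server side: recompute the mixed message from the challenge it
// issued and the nonce it received, then check the signature.
func Verify(pub ed25519.PublicKey, challenge, nonce, sig []byte) bool {
	mixed, err := mixChallenge(challenge, nonce)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, messageDigest(mixed), sig)
}

func main() {
	client, pub, err := NewClient()
	if err != nil {
		panic(err)
	}
	challenge, err := NewChallenge()
	if err != nil {
		panic(err)
	}
	nonce, sig, err := client.Respond(challenge)
	if err != nil {
		panic(err)
	}
	fmt.Println("valid login:", Verify(pub, challenge, nonce, sig))
	// The signature covers the mixed value, not the server's raw string, so a
	// server that planted a document hash as the challenge cannot reuse it.
	fmt.Println("signature over raw challenge:",
		ed25519.Verify(pub, messageDigest(challenge), sig))
}
```

The server must use the challenge it issued, not one supplied by the client, when recomputing the mixed value; otherwise a client could pick challenge and nonce together and the check would prove nothing about the session.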


Updated on: 2023-06-07T18:53:05.536243+00:00