waxwing on Nostr: AFAIR LEA aren't a concern here. The classic example of a LEA attack vector is a ...
AFAIR LEA aren't a concern here. The classic example of a LEA attack vector is a badly designed HMAC in which the data to be authorised is appended *after* the secret key. Then you can add more data that is erroneously authorised. For a commitment to fixed length data this doesn't apply.
Haven't looked it up, but I *think * that's right.
Published at
2023-04-17 16:54:10Event JSON
{
"id": "05307c43e73665470c57a7010c7cc6ed7665a370465e8db255a33af1cd6c4fc4",
"pubkey": "675b84fe75e216ab947c7438ee519ca7775376ddf05dadfba6278bd012e1d728",
"created_at": 1681750450,
"kind": 1,
"tags": [
[
"e",
"6e1828963340f8c865c863be2d7cb984f8eb43fe6ddad32b3ecf8f5846345810",
"",
"root"
],
[
"e",
"fe20b1f99d0bcce8092ff07036d46518bee9128ce557688a523a002a7a10efe0",
"",
"reply"
],
[
"p",
"b7ed68b062de6b4a12e51fd5285c1e1e0ed0e5128cda93ab11b4150b55ed32fc"
],
[
"p",
"dbf3d7c79a92995ccfb135997ac1612f41637c8a805be393204b3d1c2769d127"
]
],
"content": "AFAIR LEA aren't a concern here. The classic example of a LEA attack vector is a badly designed HMAC in which the data to be authorised is appended *after* the secret key. Then you can add more data that is erroneously authorised. For a commitment to fixed length data this doesn't apply.\n\nHaven't looked it up, but I *think * that's right.",
"sig": "accc25a2ebb2b759c04e331ff7700e6c21d1d469b8d76cfeac9051c9d43e05d3b242cc08eb6ed19c4a7b37d4a1d9ba425be0e9519f7e86c40ff3335b2463eb98"
}
