[BUG]: Prevent peer public key spoofing in p2p #4065
Assignees
Labels
Bug
Something isn't working
iroha2-dev
The re-implementation of a BFT hyperledger in RUST
QA-confirmed
This bug is reproduced and needs a fix
Security
This issue asks for improved security
Comments
Erigara
added
Bug
Erigara
added a commit
to Erigara/iroha
that referenced
this issue
Nov 22, 2023
Signed-off-by: Shanin Roman <[email protected]>
Erigara
added a commit
to Erigara/iroha
that referenced
this issue
Nov 22, 2023
Signed-off-by: Shanin Roman <[email protected]>
Erigara
added a commit
to Erigara/iroha
that referenced
this issue
Nov 22, 2023
Signed-off-by: Shanin Roman <[email protected]>
Erigara
added a commit
to Erigara/iroha
that referenced
this issue
Nov 22, 2023
Signed-off-by: Shanin Roman <[email protected]>
Erigara
added a commit
to Erigara/iroha
that referenced
this issue
Nov 22, 2023
Signed-off-by: Shanin Roman <[email protected]>
Erigara
added a commit
to Erigara/iroha
that referenced
this issue
Nov 22, 2023
Signed-off-by: Shanin Roman <[email protected]>
Erigara
added a commit
to Erigara/iroha
that referenced
this issue
Nov 22, 2023
Signed-off-by: Shanin Roman <[email protected]>
Erigara
added a commit
that referenced
this issue
Nov 22, 2023
Signed-off-by: Shanin Roman <[email protected]>
Erigara
added a commit
to Erigara/iroha
that referenced
this issue
Nov 22, 2023
Signed-off-by: Shanin Roman <[email protected]>
Erigara
added a commit
that referenced
this issue
Nov 22, 2023
Signed-off-by: Shanin Roman <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Atm during handshake peer blindly trust other side that it's owns private key for the public key sent during handshake.
This should be fixed, probably by sending some kind of signature to other side to prove ownership of private key.
Relevant code:
p2p/src/peer.rs GetKey and SendKey.The text was updated successfully, but these errors were encountered: