Thread - Nostr Hypermedia

QnA 🛡️ 6 months ago

Seems like the terminal client has a hard coded key. Is the client using that to check that against the one sent from the coordinator? No match, no mix? http://ashicodepbnpvslzsl2bz7l2pwrjvajgumgac423pp3y2deprbnzz7id.onion/Ashigaru/Ashigaru-Terminal/src/branch/main/darkjar/src/main/resources/cipher/mainnet

Replies (2)

/dev/fd0 🛡️ 6 months ago

Yes they have hardcoded a key in terminal. This introduces another vulnerability. I will add the details in the bitcointalk post.

Hanshan 🛡️ 6 months ago

↩ replying to /dev/fd0

its not a vulnerability if they're modulating the hardcoded key per CJ round correct? as @waxwing suggested on original vulnerability disclosure post Jan 7th? either way, the server CANNOT give clients a unique key for identification.