Comment Re:Equivalent to SSH/TLS with self-signed certs. (Score 1) 392
> Is this, for example, subject to playback attacks?
Yes, it is (there's no server nonce). It's designed that way because it eliminates latency. This is a low security, low cost scheme after all. It's also vulnerable to truncation attacks and, until I implement authenticators, blind corruption.