-
Notifications
You must be signed in to change notification settings - Fork 180
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Limit fake contact event attacks by using shared hashed "handshake" #35
Comments
Publishing something else than private key of infected person is generally a good idea, I believe that EphIDs of ones at risk should be published instead, as in #14
|
Thanks for #14.
|
Thanks for suggesting this. We have considered this design internally, and it is currently not in our proposal because of the increased bandwidth consumption that it would entail. We continue to hold it on our list of possible-but-not-adopted approaches. |
What kind of bandwidth consumption are we talking about? Are we sure we need to download all the data for every client? |
To limit fake contact event attacks we can rely on shared information between the two devices Instead of storing EphID.
We can do it like that:
In case of infection
Security problem
Someone can get my RiDx and broadcast it. But it will have to do that physically at ~2m of each person.
The text was updated successfully, but these errors were encountered: