Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove statement about replay attacks #45

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ npm run make-dist
## Advantages over other authentication mechanisms

* By signing each request, man in the middle attacks are impossible.
* A nonce is part of the data signed, which prevents replay attacks.
* ~~A nonce is part of the data signed, which prevents replay attacks.~~ **edit:** the nonce is no longer part of th latest protocol, and replay attacks are not in the scope of problems solved by BitAuth.
* The cryptography in Bitcoin is rock solid and is securing billions
of dollars worth of bitcoins.
* It uses elliptic curve cryptography which performs much better than RSA.
Expand All @@ -42,7 +42,7 @@ using elliptic curve secp256k1. The public SIN (System identification number),
like a bitcoin address, is the RIPEMD 160, SHA256 hash of the public key.
See https://en.bitcoin.it/wiki/Identity_protocol_v1 for complete details.

In each request, the client includes a nonce to prevent replay attacks. The client
In each request, the client includes a nonce ~~to prevent replay attacks~~ (**edit:** see above). The client
signs the full url with the request body concatenated if there is one. The signature
is included in the `x-signature` header and the public key is included in the
`x-identity` header.
Expand Down