GEOLYTIX / xyz

An open source javascript framework for spatial data and application interfaces.
MIT License
87 stars 25 forks

Attempts to Crack JSON Web Token Secret Key #1112

Open dbauszus-glx opened 7 months ago

dbauszus-glx commented 7 months ago

After logging in, users receive a JWT (JSON Web Token) as an authentication cookie, consisting of the following three parts encoded in Base64:

If a weak secret key is used, particularly with HS256 (HMAC with SHA-256) as the algorithm for token signing, an attacker could potentially brute-force it. This vulnerability arises specifically due to the characteristics of HS256, and it's important to note that this scenario is not applicable to algorithms like RS (RSA) where a different set of security considerations come into play.

dbauszus-glx commented 7 months ago

Changing the algorithm to RSA256 will require an asymmetric key read from a file.