darkmsph1t / _spartan

npm project to package & configure common security middleware && add security.js file to code repo

Add salts to integrity function #91

Open darkmsph1t opened 5 years ago

darkmsph1t commented 5 years ago

Is your feature request related to a problem? Please describe. _spartan --integrity provides a hash of security.json and security.js, but these values alone may be reproducible by a motivated attacker. The ideal solution would be to include a salt as part of the hashing process, but today there is no lightweight way of generating or saving randomly generated salts within spartan itself.

Describe the solution you'd like Integrity function needs to include a randomly generated salt before hashing the files using the regular shasum method and needs a way to decompile the hashes & compare salts prior to acceptance.

Why does this feature belong in _spartan? These files are critical to the generation of the boilerplate code and should be considered unimpeachable

Describe alternatives you've considered N/A

Additional context Add any other context or screenshots about the feature request here.

darkmsph1t commented 5 years ago

Potential solution => using the policy Id as the salt? It's randomly generated and unique per policy && it is stored/referenceable at any time
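
The salted integrity check requested in this issue, written as an added example (not _spartan's own code): a salt is hashed together with security.json and security.js, stored beside the digest, and parsed back out at verification time. The `salt$digest` record format, the 16-byte minimum salt, the function names and the in-memory sample file contents are assumptions; a policy ID could be passed as the salt in place of random bytes.

```javascript
const nodeCrypto = require('node:crypto');

const MIN_SALT_BYTES = 16; // assumed minimum, not a _spartan setting

// SHA-256 over salt + every file. Each file is framed with its name and
// length so bytes cannot be shifted from one file to the other unnoticed.
function digest(salt, files) {
  const h = nodeCrypto.createHash('sha256');
  h.update(salt);
  for (const name of Object.keys(files).sort()) {
    const body = Buffer.from(files[name]);
    h.update(`${name}\0${body.length}\0`);
    h.update(body);
  }
  return h.digest('hex');
}

// Build the record "<salt hex>$<digest hex>" (format is an assumption).
function seal(files, salt = nodeCrypto.randomBytes(MIN_SALT_BYTES)) {
  if (!Buffer.isBuffer(salt) || salt.length < MIN_SALT_BYTES) {
    throw new Error(`salt must be a Buffer of at least ${MIN_SALT_BYTES} bytes`);
  }
  return `${salt.toString('hex')}$${digest(salt, files)}`;
}

// Split the record, recompute with the recovered salt, compare in constant time.
function verify(files, record) {
  const parts = String(record).split('$');
  if (parts.length !== 2) return false;
  const [saltHex, digestHex] = parts;
  if (!/^(?:[0-9a-f]{2}){16,}$/.test(saltHex)) return false; // malformed or short salt
  if (!/^[0-9a-f]{64}$/.test(digestHex)) return false;       // not a SHA-256 hex digest
  const expected = Buffer.from(digestHex, 'hex');
  const actual = Buffer.from(digest(Buffer.from(saltHex, 'hex'), files), 'hex');
  return nodeCrypto.timingSafeEqual(expected, actual);
}

// Constructed sample contents standing in for the two files on disk.
const sample = {
  'security.json': '{"_policyId":"constructed-policy-id-0001"}',
  'security.js': 'module.exports = {};',
};

const record = seal(sample);
console.log(record, verify(sample, record));
```

Because the salt is stored in the record, it makes each record unique but is not a secret: anyone who can rewrite both the files and the record can produce a matching pair, so the record has to be kept somewhere the writer of the files cannot reach.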