neogeno
commented
5 years ago You said it, I'll do it.
Closed Kixunil closed 5 years ago
neogeno
commented
5 years ago You said it, I'll do it.
neogeno
commented
5 years ago Done in build 52
Since there's no way for Shango to determine if the TLS certificate provided by the other end of the connection is valid, an attacker might create their own certificate and MITM the connection.
Please add another "certificate fingerprint" field to the settings and to the QR code that will be used for verifying authenticity of server certificate. SHA256 hash should be used.
For maximum convenience, the field should accept hex string in both upper and lower case, with or without colons between bytes (each two hex digits).