Message traffic is subject to potental replay attacks

ravthan / all-eyes

Automatically exported from code.google.com/p/all-eyes

0 stars 0 forks source link

Message traffic is subject to potental replay attacks #69

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

Message traffic is subject to potental replay attacks because it does not have 
a timestamp or nonce.
- Add a timestamp to the message traffic
- Check the timestamp in the receiving processes

Original issue reported on code.google.com by tbrt....@gmail.com on 14 Nov 2012 at 4:59

GoogleCodeExporter commented 8 years ago

We have added the <msg-id> field in our protocol. This field is an unique 
string of the combination of an up to 15-digit number plus character '-' plus 
an up to 6-digit count. The 15-digit number is a high resolution time-stamp 
that may not corresponding to the real time. The 6-digit count is the message 
counter of the monitor process.

Original comment by toddd...@gmail.com on 19 Nov 2012 at 4:58

Changed state: Fixed

GoogleCodeExporter commented 8 years ago

Verified with unit testing

Original comment by tbrt....@gmail.com on 9 Dec 2012 at 9:24

Changed state: Verified