[~] added token complexity for client-server interaction #417
Conversation
Ya-Pasha-364shy
force-pushed
the
fix/token_gen
branch
from
cb941c2
to
2747e9d
Compare
|
Hi all. Do you find these changes useful or can I close the pull request? |
@Ya-Pasha-364shy Thanks for the PR, and sorry for the late reply. We find it useful but it can't be merged at the current state. There's an important issue here: The generated token need to be used during new connection handshaking in the future. While usually we used it in distributed cluster, and the servers in the cluster don't have to share state with each other. Then the current solution would cause the server can't validate the token in the future without current state. We have discussed a new solution to solve this issue. Basically we'd like to have the modification upon your PR, and keep this PR unmerged until this new solution is merged into this branch. |
Hello everyone, I decided to complicate the token by double-xor encryption with an initialization vector and a connection secret, this secret is unique for each connection. I will be glad to constructive criticism and reviews.
Fixes #266 issue