working base
This commit is contained in:
parent
e090b70dba
commit
616c17501a
11 changed files with 1142 additions and 243 deletions
16
README.md
16
README.md
|
|
@ -43,3 +43,19 @@ Please use it behind a safer reverse proxy like Apache or Nginx.
|
|||
### Length-extension attack
|
||||
|
||||
SHA3 (used as a MAC in the challenge cookie) is not vulnerable. Values in the hash are either fixed-length, safe, or delimited.
|
||||
|
||||
SHA2 (used for PoW) is vulnerable but nonce is at the beginning so this is not a problem.
|
||||
|
||||
### PoW
|
||||
|
||||
I would like a better PoW: memory-bound and ideally non-parallel. Cuckoo seems a good candidate.
|
||||
|
||||
## License
|
||||
|
||||
[Support me via LiberaPay](https://liberapay.com/tuxmain/donate)
|
||||
|
||||
GNU AGPL v3, CopyLeft 2025 Pascal Engélibert [(why copyleft?)](https://txmn.tk/blog/why-copyleft/)
|
||||
|
||||
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, version 3 of the License.
|
||||
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
|
||||
You should have received a copy of the GNU Affero General Public License along with this program. If not, see https://www.gnu.org/licenses/.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue