Increase security with color commands #11

@glasss13

Currently, there are two big security issues with the color commands.

  1. All the color commands are sent at once. This allows for an adversary to get lucky by having the first shader already pre-computed (actually very trivial, since there aren't that many possible first colors) and then having enough time to compute the rest of the colors. Instead, we should send the colors in spaced intervals so that the next color is not known until it would be too late to fake.
  2. We don't enforce that the client sends a response back quickly. This allows for an adversary to receive a color command, compute, and then send back the response. The server should verify that the time is not much more than RTT to avoid foul play.
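
A server-side sketch of both points, added here as an example and not taken from the issue or the project's code. The class and method names, the palette, the interval and slack values, and the assumption that the server can read the displayed color back out of a response are all hypothetical.

```python
import secrets
from dataclasses import dataclass, field

COLORS = ("red", "green", "blue", "yellow")  # assumed palette
SLACK = 0.05  # assumed allowance in seconds on top of the measured RTT


@dataclass
class ColorSession:
    rtt: float             # measured round-trip time to this client, seconds
    rounds: int            # how many color commands the session will issue
    interval: float = 1.0  # assumed spacing between commands, seconds
    sent: list = field(default_factory=list)     # (color, send_time) per round
    answered: set = field(default_factory=set)   # rounds already accepted
    failed: bool = False

    def next_command(self, now):
        """Choose the next color only once it is due (point 1 of the issue)."""
        if self.failed or len(self.sent) >= self.rounds:
            return None
        if self.sent and now < self.sent[-1][1] + self.interval:
            return None  # not due yet, and the color has not been chosen
        if len(self.answered) < len(self.sent):
            self.failed = True  # previous command was never answered
            return None
        color = secrets.choice(COLORS)  # unpredictable, picked at send time
        self.sent.append((color, now))
        return len(self.sent) - 1, color

    def check_response(self, round_no, color, now):
        """Accept a response only within RTT + slack of its command (point 2)."""
        ok = (
            not self.failed
            and 0 <= round_no < len(self.sent)
            and round_no not in self.answered   # no replay of an old round
            and color == self.sent[round_no][0]
            and now - self.sent[round_no][1] <= self.rtt + SLACK
        )
        if ok:
            self.answered.add(round_no)
        else:
            self.failed = True  # one late or wrong answer fails the session
        return ok

    def passed(self):
        return not self.failed and len(self.answered) == self.rounds
```

Timestamps are passed in by the caller; in a real server they would come from a monotonic clock such as `time.monotonic()`.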
