Giters

iotaledger / stronghold.rs

Stronghold is a secret management engine written in rust.

Home Page:https://wiki.iota.org/stronghold.rs/getting_started

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[AUDIT]: Protect P2P against replay attacks

felsweg-iota opened this issue · comments

commented

Description

The p2p layer of Stronghold is strongly protected by the NOISE protocol provided by libp2p. The current implementation does not prevent attackers to replay intercepted messages against a number of peers. Provide the means for each request per session to invalidate replayed request packets.

Motivation

Counter replay attacks

Requirements

  1. Prevent intercepted requests send again towards a number of peers

Open questions (optional)

None

Are you planning to do it yourself in a pull request?

Yes.

commented

With the removal of the p2p crate, this issue is obsolete.