As with the HOTP standard, we use decimalized signatures constructed from 4 bytes, as seen here:
https://dl.dropboxusercontent.com/u/6405782/powerauth/index.html#computing-the-signature
While the declared signature length is 10 digits, 4 bytes have a very low entropy on the first digit. Namely, 2^32 = 4 294 967 296, plus we strip the negative numbers, thus gaining only half of this number. Therefore, the first character of the signature can be only 0, 1 or 2...
We need to evaluate if this is a big issue, since signatures are always connected with a given transaction and random nonces.
Possible solutions:
- allow use of non-decimalized long signature in HTTP request
- allow extending the signature length by not stripping 4 bytes only
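Added example, not part of the original issue and not the project's own code: it reproduces the HOTP-style decimalization the issue refers to and computes exactly how the leading digit of a 10-digit signature is distributed. It assumes RFC 4226 dynamic truncation with HMAC-SHA1 and that "stripping the negative numbers" means clearing the sign bit; all function names are hypothetical.

```python
import hashlib
import hmac
import math
import struct

DIGITS = 10              # declared signature length from the issue
SPACE_31BIT = 2**31      # values left once the sign bit is cleared


def truncate_31bit(mac: bytes) -> int:
    """RFC 4226 dynamic truncation: pick 4 bytes, clear the top (sign) bit."""
    offset = mac[-1] & 0x0F
    (word,) = struct.unpack(">I", mac[offset:offset + 4])
    return word & 0x7FFFFFFF


def decimalize(key: bytes, data: bytes) -> str:
    """HMAC-SHA1 (assumed) -> 31-bit integer -> zero-padded 10-digit string."""
    mac = hmac.new(key, data, hashlib.sha1).digest()
    return str(truncate_31bit(mac) % 10**DIGITS).zfill(DIGITS)


def leading_digit_counts() -> dict:
    """Exact number of 31-bit values per leading digit, computed by range."""
    unit = 10 ** (DIGITS - 1)
    counts = {}
    for d in range(10):
        lo = d * unit
        hi = min((d + 1) * unit, SPACE_31BIT)   # exclusive upper bound
        counts[d] = max(0, hi - lo)
    return counts


def entropy_bits() -> tuple:
    """(actual, nominal) entropy in bits of the 10-digit decimal signature."""
    # 10**10 > 2**31, so the modulo never wraps and all 2**31 values survive.
    return math.log2(SPACE_31BIT), DIGITS * math.log2(10)


if __name__ == "__main__":
    print(decimalize(b"12345678901234567890", struct.pack(">Q", 0)))
    print(leading_digit_counts())
    print("actual %.2f bits, nominal %.2f bits" % entropy_bits())
```

The counts show that digits 0 and 1 each lead 10^9 values, digit 2 leads the remaining 147 483 648, and digits 3 to 9 never appear, so the 10-digit string carries 31 bits rather than the roughly 33.2 bits its length suggests.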