1. 15 Nov, 2018 6 commits
  2. 14 Nov, 2018 3 commits
  3. 13 Nov, 2018 3 commits
  4. 09 Nov, 2018 4 commits
  5. 07 Nov, 2018 2 commits
  6. 06 Nov, 2018 5 commits
  7. 05 Nov, 2018 2 commits
  8. 31 Oct, 2018 1 commit
  9. 30 Oct, 2018 4 commits
  10. 29 Oct, 2018 5 commits
  11. 26 Oct, 2018 2 commits
    • CHANGES · b338e6dd
      Witold Krecicki authored
    • Use non-cryptographically-secure PRNG to generate a nonce for cookies. · 6cd89d5e
      Witold Krecicki authored
      Rationale: the nonce here is only used to make sure there is a low
      probability of duplication, according to section B.2 of RFC7873.
      It is only 32-bit, and even if an attacker knows the algorithm used
      to generate nonces it won't, in any way, give him any platform to
      attack the server as long as the server secret used to sign the
      (nonce, time) pair with HMAC-SHA1 is secure.
      
      On the other hand, currently, each packet sent requires (unnecessarily)
      a CS pseudo-random number which is ineffective.
  12. 25 Oct, 2018 3 commits