Auth
Sean Donovan edited this page Oct 31, 2013 · 3 revisions
# Authentication and Threat Model
## Threat Model
### Login
### Replay Attacks
## Authentication
Authentication will use the HTTP authentication (`Authorization`) header. As has been pointed out, this is very insecure, because the password is only mildly obfuscated by being encoded as base64. This is not unreasonable, however, as the passwords for Tor bridges are given out unencrypted.

The Gallery part of the application will be able to use this to distinguish whether the connection is a Tor connection or an otherwise uninteresting probing attack.
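
A sketch of the server-side check described above, added here as an example and not taken from the project's code. The credential values, the function names and the `client`/`probe` labels are assumptions; the page does not specify them.

```python
import base64
import hmac

# Constructed sample credential (assumption; the page gives no real values).
EXPECTED_USER = "bridge"
EXPECTED_PASSWORD = "example-shared-secret"


def make_header(user, password):
    """Build the header value a client sends: base64 is an encoding, not encryption."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode("ascii")


def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None if malformed."""
    if not header:
        return None
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # validate=True rejects characters outside the base64 alphabet.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password


def classify(header):
    """Label a request 'client' if it carries the shared credential, else 'probe'."""
    creds = parse_basic(header)
    if creds is None:
        return "probe"
    user, password = creds
    # Constant-time comparison so response timing does not reveal partial matches.
    user_ok = hmac.compare_digest(user.encode(), EXPECTED_USER.encode())
    pass_ok = hmac.compare_digest(password.encode(), EXPECTED_PASSWORD.encode())
    return "client" if (user_ok and pass_ok) else "probe"


if __name__ == "__main__":
    sent = make_header(EXPECTED_USER, EXPECTED_PASSWORD)
    print(sent, "->", parse_basic(sent), "->", classify(sent))
    print("no header ->", classify(None))
```

Because `parse_basic` recovers the password from the header with no key, anyone who can observe the request can do the same, which is the weakness the paragraph above accepts.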