-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why hash random bytes? #1
Comments
It is needed to have secure anti-forgery solution, later that hash should be verified: We indeed should improve Smart-ID documentation should reasoning would be clear.
|
I think you misunderstood my question. Also the use of term "randomly generated hash" in your documentation ads more confusion. It's should be either "randomly generated bytes" or "hash of something". Please explain the logic behind "randomly generated hash". |
Maybe it helps a bit if the random generator is not-that-good-and-random-at-all ? |
@martinpaljak In the example it uses SecureRandom so your argument is not valid. And even if RNG function would be totally deterministic, hashing the output would hardly be helpful. |
Why are you requiring to calculate hash of random bytes? What problem does it solve?
https://github.com/SK-EID/smart-id-documentation#611-sending-authentication-request
The text was updated successfully, but these errors were encountered: