Replying to Avatar QnA

Seems like the terminal client has a hard coded key. Is the client using that to check that against the one sent from the coordinator?

No match, no mix?

http://ashicodepbnpvslzsl2bz7l2pwrjvajgumgac423pp3y2deprbnzz7id.onion/Ashigaru/Ashigaru-Terminal/src/branch/main/darkjar/src/main/resources/cipher/mainnet

Avatar
/dev/fd0 6mo ago

Yes they have hardcoded a key in terminal. This introduces another vulnerability. I will add the details in the bitcointalk post.

Reply to this note

Please Login to reply.

Discussion

Avatar
Hanshan 6mo ago

its not a vulnerability if they're modulating the hardcoded key per CJ round correct?

as nostr:nprofile1qqsxwkuyle67y94tj378gw8w2xw2wa6nwmwlqhddlwnz0z7sztsaw2qpz9mhxue69uhkummnw3ezuamfdejj7nxasma suggested on original vulnerability disclosure post Jan 7th?

either way, the server CANNOT give clients a unique key for identification.

Avatar
QnA 6mo ago

Precisely

Avatar
Hanshan 6mo ago

trying to figure out if/how key modulation is happening

its above my pay grade TBH 😅

Avatar
QnA 6mo ago

That makes two of us