
[taler-anastasis] branch master updated (7d63fbc -> fb7fc68)


From: gnunet
Subject: [taler-anastasis] branch master updated (7d63fbc -> fb7fc68)
Date: Mon, 08 Jun 2020 20:51:27 +0200

This is an automated email from the git hooks/post-receive script.

dennis-neufeld pushed a change to branch master
in repository anastasis.

    from 7d63fbc  Merge branch 'master' of ssh://git.taler.net/anastasis
     new 48e8fe1  fix token
     new fb7fc68  fix token

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 doc/thesis/related_work.tex | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/doc/thesis/related_work.tex b/doc/thesis/related_work.tex
index 8c458fc..bbf71ca 100644
--- a/doc/thesis/related_work.tex
+++ b/doc/thesis/related_work.tex
@@ -223,6 +223,12 @@ single authentication method by itself is usually 
vulnerable.
 Multi-factor authentication combines multiple authentication
 procedures to enhance the security of the system.
 
+During procedure of some authentication methods a so called token is 
+sent to the user. The user than has to provide the token to authorize.\\
+The token should be a randomly generated passphrase which has at 
+least 128 bits of entropy. It is best practice for a token to have an 
+expiration time, although this is not relevant for security of Anastasis.\\
+
 Anastasis is designed to use a wide range of authentication methods to
 authenticate its users. Even though the user in Anastasis is free to
 specify only one authentication method, we strongly recommend the use
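Review bot: The new paragraph (lines starting "+During procedure ...") has grammar problems and uses forced LaTeX line breaks where paragraph breaks belong. "During procedure of some authentication methods a so called token is sent" should read "During the procedure of some authentication methods, a so-called token is sent", and "The user than has to provide" should be "The user then has to provide". The trailing "\\" after "to authorize." and after "Anastasis." produce manual line breaks inside a paragraph; drop them and rely on the blank line that already separates this paragraph from the following one (the "+" blank line before "Anastasis is designed ..."). The closing claim that an expiration time "is not relevant for security of Anastasis" is stated without reasoning, while the same commit removes a FIXME elsewhere questioning exactly that point; a half sentence explaining why the validity period does not matter here would make the paragraph self-supporting.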
@@ -339,16 +345,7 @@ Authentication by email is similar to SMS authentication. 
Here,
 the user receives a token by email and has to provide it during the
 authentication process.
 
-% CG: FIXME: (1) I don't buy the validity period, how does it help?
-% CG: FIXME: (2) This also applies to SMS, why have it here?
-The handling of this token needs some
-considerations. The token should have a validity period, this means
-for example the token would only be valid for one hour. This is a
-security measure to prevent malicious actions if the user's email
-account was compromised. Also the token should be a randomly generated
-passphrase which has at least 128 bits of entropy.
-
-Another important part is that the email should not already contain the
+It is important that the email should not already contain the
 requested information, so in the case of Anastasis the keyshare.  This
 is because the SMTP protocol used for email offers no hard security
 assurances. In particular, the email is likely to be stored for a
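Review bot: The replacement sentence "It is important that the email should not already contain the requested information, so in the case of Anastasis the keyshare." is awkward; suggest "It is important that the email does not already contain the requested information, which in the case of Anastasis is the key share." Since the token entropy and validity-period discussion that used to sit here is now only in the earlier multi-factor section, a short cross-reference from this email section back to that paragraph would help the reader find the token requirements that still apply to email delivery.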

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
