You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In case of a private network, what are the potential impacts, if any?
from ethereum/devp2p#32 :
"The two sides of a RLPx connection generate two CTR streams from the same key, nonce and IV.
If an attacker knows one plaintext, he can decrypt unknown plaintexts of the reused keystream.
Separate keys needs to be used for each stream. See for example the TLS 1.2 RFC 5246 section 6.3."
In the case of a private network, here is a fix proposed for rlpx.go:
Hi, does Besu RLPx implementation solve this issue?
ethereum/go-ethereum#1315
In case of a private network, what are the potential impacts, if any?
from ethereum/devp2p#32 :
"The two sides of a RLPx connection generate two CTR streams from the same key, nonce and IV.
If an attacker knows one plaintext, he can decrypt unknown plaintexts of the reused keystream.
Separate keys needs to be used for each stream. See for example the TLS 1.2 RFC 5246 section 6.3."
In the case of a private network, here is a fix proposed for rlpx.go:
LaurentMT/go-ethereum@e8cba72
Regards,
The text was updated successfully, but these errors were encountered: