Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • L libpep-cpp
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributor statistics
    • Graph
    • Compare revisions
  • Issues 2
    • Issues 2
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 2
    • Merge requests 2
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Artifacts
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Package Registry
    • Terraform modules
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Bernard van Gastel
  • libpep-cpp
  • Issues
  • #1
Closed
Open
Issue created Jun 01, 2022 by AA Westerbaan@awesterbContributor

Coinciding pseudonymisation and decryption factors

When for the creation of a local pseudonym the same string is used for the pseudonymisation and decryption contexts, the resulting factors are the same. There is no reason for allowing this coincidence, and leads to mildly weaker security. (E.g., when decryption and pseudonym factors coincide, a local pseudonym for party A can be translated to a local pseudonym for party B when the private keys for A and B are known.)

Proposed solution: prepend "pseudonym" and "decryption", respectively, to the strings used to create the factors.

Assignee
Assign to
Time tracking