Show More
| @@ -132,11 +132,10 b" owner, just as is common practice with a user's keys in their `.ssh` directory." | |||
|
|
132 | 132 | |
|
|
133 | 133 | .. warning:: |
|
|
134 | 134 | |
|
|
135 |
It is important to note that the |
|
|
|
136 | a uuid rather than generating a key with a cryptographic library, provides a | |
|
|
137 | defense against *accidental* messages more than it does against malicious attacks. | |
|
|
138 | If loopback is compromised, it would be trivial for an attacker to intercept messages | |
|
|
139 | and deduce the key, as there is no encryption. | |
|
|
135 | It is important to note that the signatures protect against unauthorized messages, | |
|
|
136 | but, as there is no encryption, provide exactly no protection of data privacy. It is | |
|
|
137 | possible, however, to use a custom serialization scheme (via Session.packer/unpacker | |
|
|
138 | traits) that does incorporate your own encryption scheme. | |
|
|
140 | 139 | |
|
|
141 | 140 | |
|
|
142 | 141 | |
General Comments 0
You need to be logged in to leave comments.
Login now