Nostr Archives
Pip the WoT guy 50d ago
✨ Meet blossy. The easiest way to make custom blossom servers come to life. Think blossom servers that support ecash, WoT gating and more. All so easy to use that your LLM is going to one-shot it (probably 😝).

Replies (6)

Niel Liesmons 50d ago
Yes!
Gigi 50d ago
👀
Lez 50d ago
Can you elaborate on the replay attack vector you mention in the README which affects the BUD-01 auth spec? What's the risk / scope of the attack? Can you provide an example? Since `created_at` is part of the auth event, in my opinion it's easy to limit its scope on the server side to almost irrelevant by checking if the event is in the near past. Or would it break the functionality somehow?
Pip the WoT guy 49d ago
Example of the replay attack.
- Alice wants to change her blossom server from Server 1 to Server 2
- Alice mirrors all blobs to Server 2
- Alice then sends a DELETE for all her blobs on Server 1
- Server 1 is malicious and replays all the DELETEs (with all the Auth events) to Server 2
- Result is a complete data loss

The Auth scheme is being reworked by @266815e0…6cd408a5 and I so it will be fixed
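The replay scenario above as an added example (not code from the thread or from the blossy project): a server-side check of a DELETE authorization event, showing that a `created_at` freshness window still accepts an event forwarded seconds later to a second server, while an event bound to one server is rejected elsewhere. The kind number and the `t`, `x` and `expiration` tags follow the BUD-01 spec rather than this page; the `server` tag, the URLs and all function names are hypothetical and are not the reworked auth scheme the post mentions.

```python
AUTH_KIND = 24242  # Blossom authorization event kind (BUD-01)
NOW = 1_700_000_000  # constructed clock value so the example is deterministic
BLOB = "ab" * 32  # constructed placeholder for a blob's sha256 hex digest

def tag_values(event, name):
    """All values of the tags called `name` in a Nostr event."""
    return [t[1] for t in event["tags"] if len(t) > 1 and t[0] == name]

def check_delete_auth(event, blob, now, server_url=None, max_age=60):
    """Return (ok, reason). Signature verification is assumed already done."""
    if event["kind"] != AUTH_KIND:
        return False, "wrong kind"
    if "delete" not in tag_values(event, "t"):
        return False, "not a delete authorization"
    if blob not in tag_values(event, "x"):
        return False, "blob hash not covered"
    expiry = tag_values(event, "expiration")
    if not expiry or int(expiry[0]) <= now:
        return False, "expired"
    # The freshness window proposed in the thread: event must be recent.
    if not now - max_age <= event["created_at"] <= now:
        return False, "created_at outside freshness window"
    # Hypothetical audience binding: the signed event names its target server.
    if server_url is not None and server_url not in tag_values(event, "server"):
        return False, "not bound to this server"
    return True, "ok"

def make_delete_event(bind_to=None):
    """Constructed sample of Alice's signed DELETE authorization."""
    tags = [["t", "delete"], ["x", BLOB], ["expiration", str(NOW + 300)]]
    if bind_to:
        tags.append(["server", bind_to])  # hypothetical tag, see lead-in
    return {"kind": AUTH_KIND, "created_at": NOW - 5, "tags": tags}

def replay_outcomes():
    """What each server decides when the event is presented 5 s after signing."""
    s1, s2 = "https://server1.example", "https://server2.example"
    plain, bound = make_delete_event(), make_delete_event(bind_to=s1)
    return {
        "plain_on_s2": check_delete_auth(plain, BLOB, NOW),
        "bound_on_s1": check_delete_auth(bound, BLOB, NOW, server_url=s1),
        "bound_on_s2": check_delete_auth(bound, BLOB, NOW, server_url=s2),
    }

if __name__ == "__main__":
    for case, (ok, reason) in replay_outcomes().items():
        print(f"{case}: {'accepted' if ok else 'rejected'} ({reason})")
```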
Niel Liesmons 50d ago
Bit hard to follow on MacBook Air btw. Next time please zoom in a bit 😉.
4749d ago
👀