Server MAC

Revision as of 15:33, 25 March 2015 by Ramriot (Talk | contribs)

Jump to: navigation, search


Threat Model

Ability of MITM attacker to modify, redact or replay messages between server and client. This safeguard covers protection of the Server=>Client communication flow, for Client=>Server flow protections see SQRL Signatures.

Assisting Safeguards

All response messages (Excluding terminating message) sent by server are echoed back by client and signed with clients private key/s. All response message sent by server contain entropy as NUT / QRY parameter that effectively renders them unique for the purpose of this safeguard.


Messages from server to client must be protected from being altered or replaced with similar messages. This requires the server to be able to prove that a response message it gets on an echo from the client was exactly the one it sent on the preceding response.

Example Methods