Skip to content

fix: Add nonce to signing protocol to reduce replay window (#256)#262

Merged
deucebucket merged 3 commits into
developfrom
fix/issue-256-signing-nonce
Jun 12, 2026
Merged

fix: Add nonce to signing protocol to reduce replay window (#256)#262
deucebucket merged 3 commits into
developfrom
fix/issue-256-signing-nonce

Conversation

@deucebucket

Copy link
Copy Markdown
Owner

Summary

  • Add UUID nonce to signed request headers (X-LM-Nonce) — backwards compatible (old BookDB ignores it)
  • Reduce timestamp tolerance from 300s to 120s (2 minutes is plenty for clock drift)
  • Nonce is included in HMAC message when present, making replay within the window detectable by BookDB

Security: Reduces replay attack surface from 5 minutes to 2 minutes, and enables BookDB-side nonce tracking for full replay prevention.

Closes #256

Test plan

  • 290/290 pattern tests pass
  • ruff F821 clean
  • Verify signing still works with current BookDB (backwards compatible)

deucebucket and others added 3 commits June 5, 2026 08:26
Promote develop to main after PR #217 and passing CI.
- Add generate_nonce() function returning UUID4 hex string
- Make nonce optional in generate_signature() and verify_signature()
  for backwards compatibility with older Skaldleita versions
- Update get_signed_headers() in bookdb.py to include X-LM-Nonce
- Reduce TIMESTAMP_TOLERANCE from 300s to 120s (2 minutes)
@deucebucket deucebucket merged commit f2ace00 into develop Jun 12, 2026
2 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant