bambi7-service-fireworx

ESDSA-signed firework A/D service for BambiCTF7 in 2022
git clone https://git.sinitax.com/sinitax/bambi7-service-fireworx

README.md (526B)


# Fireworx

Service for launching and viewing fireworks.

User authentication is done via challenge-response using DSA. Users
can launch fireworks with an optional wish every few seconds.

A log of which fireworks were launched, where, and with what wish is kept
and can be viewed by users on the profile page.

## Vulnerabilities

The signature $(1,0)$ passes `verify` for any public key and can be used
to log in as the flag user.

A nonce reuse in the key generation allows forging signatures and logging in
as the flag user.
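The following is an added example, not code from this repository. It shows why a DSA `verify` without range checks accepts $(1,0)$ and how the standard check $0 < r < q$, $0 < s < q$ rejects it. The toy group parameters, the function names, and the Fermat-style inverse in the weak verifier are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy DSA group (far too small for real use):
# Q divides P - 1 and G has order Q modulo P.
P, Q, G = 23, 11, 4

def _h(msg: bytes) -> int:
    """Hash the message and reduce it into Z_Q."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def keygen():
    """Return (private x, public y = G^x mod P)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def sign(x: int, msg: bytes):
    """Textbook DSA signing with a fresh random nonce per signature."""
    while True:
        k = secrets.randbelow(Q - 1) + 1
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (_h(msg) + x * r) % Q
        if r and s:  # the signer must never emit r = 0 or s = 0
            return r, s

def verify_unchecked(y: int, msg: bytes, sig) -> bool:
    """Assumed weak form: no range check on (r, s).

    The inverse is computed as s^(Q-2) mod Q, so s = 0 yields w = 0,
    hence u1 = u2 = 0 and v = (G^0 * y^0 mod P) mod Q = 1 for every key.
    """
    r, s = sig
    w = pow(s, Q - 2, Q)
    u1, u2 = _h(msg) * w % Q, r * w % Q
    return pow(G, u1, P) * pow(y, u2, P) % P % Q == r

def verify_checked(y: int, msg: bytes, sig) -> bool:
    """Hardened form: reject out-of-range r or s before any arithmetic."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    return verify_unchecked(y, msg, sig)
```

The range check has to run before the modular inverse, because it is the degenerate inverse of `s = 0` that makes the verification equation independent of the public key and the message.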