|
|
|
|
|
|
by shuckles
1778 days ago
|
|
|
Yes the server secret comes into play looking at the encryption key on the client. This is the value L, which you can think of as a “public key” in usual ECC schemes. It’s not useful to talk about defeating the “internal” layer of encryption separately from the “outer” layer because vouchers should be stored as generated by clients at rest. The database leak should not include any unwrapped vouchers (that would be like using a password hash but storing plaintext passwords anyways). |
|
|