|
|
|
|
|
|
by the8472
80 days ago
|
|
|
Logins are session-based. You could tie publishing of a package to a signature from the key, then 1 tap = 1 package hash.
But yeah, if the system is compromised and the attacker is doing interactive attacks they can wait for something that requires using the key and then trigger the publishing and win a race against the real prompt. To the user it might just appear like having to tap twice. |
|
|