Ask SN: When implementing LNURL-auth, do I have to check authenticity of k1? \ stacker news ~bitcoin

Ask SN: When implementing LNURL-auth, do I have to check authenticity of k1?

237 sats \ 12 comments \ @ek 8 Mar 2023 bitcoin

I am currently implementing LNURL-auth.

Do I have to check if k1 was created by me? The spec doesn't mention this [1]. I have seen that SN does that but maybe that is only done because the row is updated with the corresponding pubkey on valid signature. [2]

Assuming we would not use HTTPS (which the spec requires) or an attacker gets the wallet response in some other way, we could replay k1, sig, key to a different service which doesn't check if the service provided the k1.

[1] https://github.com/lnurl/luds/blob/luds/04.md [2] https://github.com/stackernews/stacker.news/blob/master/pages/api/lnauth.js

Posted in SN telegram before

view all related items

345 sats \ 8 replies \ @nerd2ninja 8 Mar 2023

Yes there's the attack vector you mentioned, but I think the spec talks about making sure you check the k1 to avoid replay attacks to the same webserver (not just a different server).

30 sats \ 7 replies \ @ek OP 8 Mar 2023

Oh, lol, now that you mentioned it, I see it:

LN SERVICE must make sure that unexpected k1s are not accepted: it is strongly advised for LN SERVICE to have a cache of unused k1s, only proceed with verification of k1s present in that cache and remove used k1s on successful auth attempts.

I must have been blind lol

I focused on "Wallet to service interaction flow"

21 sats \ 6 replies \ @nerd2ninja 8 Mar 2023

Spec blind devs are dangerous...but at least you're security conscious enough to remediate that lol.

15 sats \ 5 replies \ @ek OP 8 Mar 2023

haha I guess so, thanks

Will have to figure out how to keep my session now however. That's not part of the spec and I can't trivially use Set-Cookie header

0 sats \ 4 replies \ @nerd2ninja 8 Mar 2023

I think you generate a session ID after this authentication. (Which you have to make sure is not based on time or any other predictable mechanism)

0 sats \ 3 replies \ @ek OP 8 Mar 2023

Yes, but the server just responds with "OK" to the wallet. I don't respond to the browser on success.

So it's not obvious how to tell the browser about the session ID after authentication.

Edit: Mhh, I guess I can create a session ID and then return that session ID when the browser notices that the login was successful since I do polling.

Okay, that should work. Now my question sounds kind of dumb haha

0 sats \ 2 replies \ @nerd2ninja 8 Mar 2023

@k00b what do you do?

I think you would set the session ID before authentication, then after authentication remember that this session ID is authenticated now.

0 sats \ 0 replies \ @ek OP 8 Mar 2023

I think you would set the session ID before authentication, then after authentication remember that this session ID is authenticated now.

Interesting

reply on another page

15 sats \ 0 replies \ @ek OP 8 Mar 2023

He uses next-auth; that takes care of that in ways I didn't understand yet.

But I think using that library is overkill for me (for now). I only want to support LNURL-auth.

Also, I like implementing stuff on my own first (yes, I know about "don't roll your own crypto" haha)

reply on another page

21 sats \ 1 reply \ @WeAreAllSatoshi 8 Mar 2023

Really cool discussion, thanks for posting!

0 sats \ 0 replies \ @ek OP 8 Mar 2023

Haha no worries

I should read more specs not properly lol

0 sats \ 0 replies \ @zeRealSchlausKwab 9 Mar 2023

https://github.com/zerealschlauskwab/lnapp-starter/blob/master/src/server/routers/auth.ts