Stale NUTS?


Status
Not open for further replies.

ramriot

Well-known member
May 24, 2018
129
15
Hi Steve,

Just a quick note, I'm testing your SQRL Client through WINE on Ubuntu 16.06LTS for authenticating this forum & just came across some interesting issues.

(1) & (2) are UX issues perhaps related to application launching on WINE, but (3) appears to be a state machine issue in the client logic.

1/ I was trying to launch the application to change some operational defaults (CPS / Same IP requirements) but could not launch it unless there was an authentication request in flight.

2/ Once launched that way there was no way around the current authentication request to change user options.

3/ After looking around for a while I gave up and typed in my password, but the background the login page had popped up an expiration message & login failed. So, I refreshed the page, clicked on the SQRL link again and typed in my Shortpass. The forum logged in, but then the SQRL client popped a dialog telling me it could not authenticate because the webpage had expired.

So far though everything else JUST WORKS.
 

sengsational

Well-known member
Feb 17, 2019
115
36
I think Steve has made reference to how the web site problematically generates nuts every minute, so easy to fix, but not yet fixed.
 

Steve

Administrator
Staff member
May 6, 2018
1,016
307
www.grc.com
Gary...
Always fall back to GRC's reference client, server, website. There, this would not have happened. I cannot be responsible for the operation of other implementations. I (we) can only hope that they closely copy what we have carefully and deliberately assembled.

As @sengsational recalled correctly, Rasmus made a mistake in his XenForo/PHP code in assuming that HE should proactively request a new nut for the page after some length of time. This is NEVER what we want. As you well know (since we've bantered this about at great length in the past) "Nut staleness" is entirely handled between the SQRL client and server and NOT the website. The SQRL protocol already provides a means for managing this. Rasmus was trying to be helpful, but it backfired. He'll be fixing this soon. :)
 

ramriot

Well-known member
May 24, 2018
129
15
As @sengsational recalled correctly, Rasmus made a mistake in his XenForo/PHP code in assuming that HE should proactively request a new nut for the page after some length of time. This is NEVER what we want. As you well know (since we've bantered this about at great length in the past) "Nut staleness" is entirely handled between the SQRL client and server and NOT the website. The SQRL protocol already provides a means for managing this. Rasmus was trying to be helpful, but it backfired. He'll be fixing this soon. :)
Do you think that is the explanation for observation (3)? I will wait until its reported fixed and try the same trick again.

As to (1) & (2) I found my own solution, it seems when installing SQRL under WINE on Ubuntu there is a shortcut added to the launcher which does not work (probably an artifact of the install process). Locating the exe in the emulated filesystem of wine & making the launcher point at that does work.
 

Steve

Administrator
Staff member
May 6, 2018
1,016
307
www.grc.com
Do you think that is the explanation for observation (3)? I will wait until its reported fixed and try the same trick again.
Uhhhhh... the only thing I would have expected would have been that the SQRL client would have complained about an expired page. So far as I know, there's nothing about the web page that it would say had expired. ??
 
Status
Not open for further replies.