Comment by brna-2
6 hours ago
Also @MattPalmer1086 the best solution for this I have now is to have several secret keys and rotate usage. Would be nice to have some additional security boosts.
6 hours ago
Also @MattPalmer1086 the best solution for this I have now is to have several secret keys and rotate usage. Would be nice to have some additional security boosts.
Key rotation among a set of keys only partially mitigates the issue (have to obtain more samples).
It has it's own synch problems (can you be sure which key to use next and did the server update the same as you, or did the last request not get through?).
This post on security stack exchange seems relevant.
https://security.stackexchange.com/questions/150168/one-time...