I am currently writing a website backend and decided to use JWT (based on the JWS structure). My concern is whether I should throttle the rate at which token generation can occur. My thought is that if an attacker generates enough tokens (millions, maybe even billions?), could they have enough information (since the signature is based on plaintext) to reverse-engineer the secret key? My algorithm of choice is HS256.
Thanks
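Added example, not from the question's author: a minimal HS256 JWT signer/verifier that enforces the RFC 7518 minimum key size of 256 bits, rejects any token whose header does not say HS256, and compares signatures in constant time. For HMAC-SHA256 the practical risk is a short or guessable secret rather than the number of signatures an attacker can collect, so the key check is the control a backend most needs; the claim values and `generate_hs256_key` helper are constructed for this illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# RFC 7518 section 3.2: an HS256 key MUST be at least 256 bits (32 bytes)
MIN_HS256_KEY_BYTES = 32


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def generate_hs256_key() -> bytes:
    # A CSPRNG key of full HMAC-SHA256 output size; never a human-chosen passphrase
    return secrets.token_bytes(MIN_HS256_KEY_BYTES)


def sign_hs256(payload: dict, key: bytes) -> str:
    if len(key) < MIN_HS256_KEY_BYTES:
        raise ValueError("HS256 key must be at least 256 bits")
    header = {"alg": "HS256", "typ": "JWT"}
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(payload)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_hs256(token: str, key: bytes) -> Optional[dict]:
    """Return the payload if the token is a valid HS256 JWT under key, else None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        provided_sig = _b64url_decode(s)
    except (ValueError, json.JSONDecodeError):
        return None
    # Pin the algorithm: never let the token choose (blocks alg=none / confusion)
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, provided_sig):  # constant-time compare
        return None
    try:
        return json.loads(_b64url_decode(p))
    except (ValueError, json.JSONDecodeError):
        return None
```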