
Added support for device tokens that allow 2FA to be bypassed on a trusted device

Implemented the 2FA bypass using a signed JWT device token.

The default bypass period is 30 days. This setting, along with any server-wide security settings, can be changed on request by submitting a ticket.

JWT Signature Algorithm

We sign our JWTs with a Hash-based Message Authentication Code (HMAC) over SHA-256 (the JWS algorithm HS256). This choice offers several benefits:

  • Security: HMAC-SHA256 has no known practical attacks, and its security rests on keeping the key secret. Compared with the Elliptic Curve Digital Signature Algorithm (ECDSA) it has far less implementation surface: no curve arithmetic and no per-signature randomness, so fewer opportunities for implementation flaws and side-channel leaks.
  • Performance: HMAC is simple and efficient, giving fast processing times and low computational overhead. It does not rely on complex mathematical operations, which makes it more straightforward to implement securely.
  • Deterministic Nature: Unlike ECDSA, which requires a unique, unpredictable nonce for every signature (nonce reuse or bias leaks the private key), HMAC is deterministic and has no such requirement, removing that class of attack.

One caveat follows from HMAC being a symmetric algorithm: any component that can verify a device token can also mint one, so the key must live only on the service that issues and verifies tokens. The verifier must also accept only HS256 and reject any other value of the header's alg field (including "none"), so that the token header can never choose the algorithm on the attacker's behalf.

JWT Encryption Algorithms

To protect the confidentiality and integrity of the JWT payload, we employ AES (Advanced Encryption Standard) with a 256-bit key in two modes:

  1. AES-256-GCM (Galois/Counter Mode):
    • Security: This mode encrypts and authenticates in a single step, so any tampering with the ciphertext (or with the associated data, such as the token header) is detected on decryption. The one hard requirement is that a nonce is never reused under the same key.
    • Efficiency: AES-256-GCM is optimized for performance, allowing fast encryption and decryption while maintaining strong security guarantees.
  2. AES-256-CBC (Cipher Block Chaining):
    • Security: AES-256-CBC provides confidentiality only. It gives no integrity on its own: flipping a bit in the ciphertext (or IV) flips the corresponding plaintext bit, and a decryptor that reveals padding errors becomes a padding oracle.
    • Usage: Because CBC does not inherently provide authentication, it is used only where we manage authentication separately. That means a MAC (for example HMAC-SHA256) computed over the IV and ciphertext and verified, in constant time, before any decryption is attempted (encrypt-then-MAC, the construction JWE's A256CBC-HS512 standardizes), giving a layered approach.
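The difference between the two modes, as an added example in Go (standard library only) that is not GoRev's code: the same one-bit change is applied to a message protected with raw CBC, with CBC plus an HMAC-SHA256 tag checked before decryption, and with AES-256-GCM. Raw CBC hands back a silently altered claim set; the other two reject the message. The keys, nonce, IV and the sample claims are constructed constants so the run is reproducible.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed keys, nonce and IV so the run is reproducible; real code uses a
// fresh random nonce/IV per message and keeps the keys secret.
var (
	encKey = bytes.Repeat([]byte{0x42}, 32) // 256-bit AES key
	macKey = bytes.Repeat([]byte{0x43}, 32) // separate key for the CBC HMAC
	nonce  = bytes.Repeat([]byte{0x01}, 12) // 96-bit GCM nonce
	iv     = bytes.Repeat([]byte{0x02}, 16) // 128-bit CBC IV
)

// aesBlock ignores the error because encKey is a valid 32-byte constant.
func aesBlock() cipher.Block {
	b, _ := aes.NewCipher(encKey)
	return b
}

// SealGCM encrypts and authenticates in one step; aad (e.g. the JWT header) is
// authenticated but left in the clear. NewGCM cannot fail for an AES block.
func SealGCM(plaintext, aad []byte) []byte {
	g, _ := cipher.NewGCM(aesBlock())
	return g.Seal(nil, nonce, plaintext, aad)
}

// OpenGCM fails closed: any change to ciphertext, tag or aad is an error.
func OpenGCM(ciphertext, aad []byte) ([]byte, error) {
	g, _ := cipher.NewGCM(aesBlock())
	return g.Open(nil, nonce, ciphertext, aad)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// RawCBC is CBC with no authentication at all; it returns iv||ciphertext.
func RawCBC(plaintext []byte) []byte {
	n := aes.BlockSize - len(plaintext)%aes.BlockSize // PKCS#7 padding
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := append(append([]byte{}, iv...), make([]byte, len(padded))...)
	cipher.NewCBCEncrypter(aesBlock(), iv).CryptBlocks(out[aes.BlockSize:], padded)
	return out
}

// RawCBCDecrypt cannot detect tampering; the only thing it can reject is bad
// padding, which is exactly the signal a padding-oracle attack feeds on.
func RawCBCDecrypt(msg []byte) ([]byte, error) {
	if len(msg) < 2*aes.BlockSize || len(msg)%aes.BlockSize != 0 {
		return nil, errors.New("bad length")
	}
	pt := make([]byte, len(msg)-aes.BlockSize)
	cipher.NewCBCDecrypter(aesBlock(), msg[:aes.BlockSize]).CryptBlocks(pt, msg[aes.BlockSize:])
	return pkcs7Unpad(pt)
}

// AuthCBC is encrypt-then-MAC: iv||ciphertext||HMAC-SHA256(iv||ciphertext).
func AuthCBC(plaintext []byte) []byte {
	body := RawCBC(plaintext)
	m := hmac.New(sha256.New, macKey)
	m.Write(body)
	return m.Sum(body)
}

// AuthCBCDecrypt checks the tag in constant time before decrypting anything,
// so padding errors are never observable to an attacker.
func AuthCBCDecrypt(msg []byte) ([]byte, error) {
	if len(msg) < 2*aes.BlockSize+sha256.Size {
		return nil, errors.New("too short")
	}
	body, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	m := hmac.New(sha256.New, macKey)
	m.Write(body)
	if !hmac.Equal(tag, m.Sum(nil)) {
		return nil, errors.New("authentication failed")
	}
	return RawCBCDecrypt(body)
}

func main() {
	claims := []byte(`{"admin":0,"sub":"user-42"}`) // byte 9 is the '0'
	raw, auth, sealed := RawCBC(claims), AuthCBC(claims), SealGCM(claims, nil)
	raw[9], auth[9], sealed[9] = raw[9]^1, auth[9]^1, sealed[9]^1 // flip one bit in each
	pt, err := RawCBCDecrypt(raw)
	fmt.Printf("raw CBC: %s err=%v\n", pt, err) // admin is now 1, undetected
	_, err1 := AuthCBCDecrypt(auth)
	_, err2 := OpenGCM(sealed, nil)
	fmt.Println("CBC+HMAC:", err1, "| AES-GCM:", err2) // both reject the message
}
```

The flipped byte sits in the CBC IV, so the change lands cleanly in the first plaintext block and the padding in the last block stays valid: raw CBC decrypts to admin=1 with no error. The same flip is caught by the HMAC tag and by the GCM tag before any plaintext is released.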

Implementation Workflow

  1. Token Signing:
    • When a token is created, the base64url-encoded JWT header and payload are signed with HMAC-SHA256, and the signature becomes the third segment of the token. On every later use the verifier recomputes the HMAC over the header and payload and compares it, in constant time, with the presented signature; this ensures the authenticity and integrity of the token, and its exp claim enforces the bypass period.
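The signing described in the JWT Signature Algorithm section and in step 1 above, carried through to verification, as an added example in Go (standard library only) that is not GoRev's code. It issues an HS256 device token whose exp is 30 days out, and the verifier pins alg to HS256, compares the MAC in constant time and enforces expiry. The claim names sub, dev, iat and exp, the key and the sample user and device values are assumptions for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// deviceTokenTTL is the 30-day default bypass window from the changelog.
const deviceTokenTTL = 30 * 24 * time.Hour

// deviceClaims is the assumed payload of a device token: standard sub/iat/exp
// claims plus a hypothetical "dev" claim naming the remembered device.
type deviceClaims struct {
	Sub string `json:"sub"`
	Dev string `json:"dev"`
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// hs256 is the JWS HS256 primitive: HMAC-SHA256 over "header.payload".
func hs256(key []byte, signingInput string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(signingInput))
	return m.Sum(nil)
}

// IssueDeviceToken builds header.payload.signature for a remembered device.
func IssueDeviceToken(key []byte, user, device string, now time.Time) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	payload, err := json.Marshal(deviceClaims{
		Sub: user, Dev: device, Iat: now.Unix(), Exp: now.Add(deviceTokenTTL).Unix(),
	})
	if err != nil {
		return "", err
	}
	signingInput := b64(header) + "." + b64(payload)
	return signingInput + "." + b64(hs256(key, signingInput)), nil
}

// VerifyDeviceToken pins alg to HS256 (so "none" or a swapped algorithm is
// rejected), compares the MAC in constant time, then enforces exp.
func VerifyDeviceToken(key []byte, token string, now time.Time) (*deviceClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil || hdr.Alg != "HS256" {
		return nil, errors.New("unexpected alg")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	if !hmac.Equal(sig, hs256(key, parts[0]+"."+parts[1])) {
		return nil, errors.New("bad signature")
	}
	payloadJSON, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var c deviceClaims
	if err := json.Unmarshal(payloadJSON, &c); err != nil {
		return nil, err
	}
	if now.Unix() >= c.Exp {
		return nil, errors.New("device token expired: 2FA required again")
	}
	return &c, nil
}

func main() {
	key := []byte("constructed-32-byte-secret-key!!") // sample key, not a real secret
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	tok, _ := IssueDeviceToken(key, "user-42", "laptop-a1", now)
	_, err := VerifyDeviceToken(key, tok, now.Add(29*24*time.Hour))
	fmt.Println("day 29:", err) // <nil>: device still trusted
	_, err = VerifyDeviceToken(key, tok, now.Add(31*24*time.Hour))
	fmt.Println("day 31:", err) // expired: user must complete 2FA again
}
```

The alg check runs before the signature check on purpose: a token whose header claims "none" with an empty signature, or any algorithm other than the one the server expects, is refused without the server ever using its key on attacker-chosen input.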

Additional Resources

GOREV SUPPORT TEAM

If you have any additional questions or concerns regarding this tutorial, please contact the GoRev Support Team by phone at (317) 794-3900 or by email at ask@gorev.com.

Note: Always submit an IT Support Ticket detailing the problem you are experiencing with this portion of GoRev, if possible, as this gives GoRev Support Agents access to information that will help expedite the resolution of your issue. If you are unsure how to submit an IT Support Ticket in GoRev, please see the GoRev IT Support Ticket Creation Tutorial for assistance.



