0

I am very surprised to see that jwt.io can decode my jwt token that was generated via HS256 algorithm. Compared to RS256, HS256 carries only one key that is shared on both parties. I have never allowed one partiy to know what this key is (only serverside knows that) but, to be honest, one can find the key by doing crazy iteration until output comes out.

So now I am at the stage that single secret is not as secured as public/private key method. At the same time, jwt.io decodes my token successfully.

Anyone has any ideas about the limitation of HS256 algorithm and how jwt.io knows my jwt? Best!

Sungpah Lee
  • 1,003
  • 1
  • 13
  • 31
  • Does this answer your question? [If you can decode JWT, how are they secure?](https://stackoverflow.com/questions/27301557/if-you-can-decode-jwt-how-are-they-secure) – jps Apr 12 '21 at 08:00
  • any base64url decoder can decode a JWT. Why? Because it's only encoded (and signed), but not encrypted. For encoding/decoding you don't need a key. The key is used for the signature (the third part) of the token. – jps Apr 12 '21 at 08:01
  • @jps so, if I got your point properly, any jwt can be read without key (for sure). The key is used to encrypt the data. If the user changes the hash data, then, the server will know this is scam. But, if the key is stolen, then the server will not know whether that is scam. With single key, there is no decryption right, since on the server side, we are just going to read it and parse it. – Sungpah Lee Apr 12 '21 at 09:11
  • a signed JWT can always be decoded, independent of the signing algorithm.In case of asymmetric algorithms, such as RS256, the key is used to encrypt the hash. If someone changes the payload manually, the hash in the signature part doesn't match anymore and you know the token was manipulated. Independent of the algorithm, you always should verify the signature.More thoughts about the different algos [here](https://stackoverflow.com/a/60905902/7329832) – jps Apr 12 '21 at 09:49

0 Answers0