Merge MAC verification when using wormhole
So far the QR code was pretty much public information. It did not really contain information that compromises your security. Now with wormhole that changes, because it contains the key we chose for the wormhole channel. We base the security of the transfer on the security of scanning the barcode. It is still public and an attacker getting hold of the QR code before the user can scan it can now cause a DoS. But that's still better than being able to inject arbitrary keys.
Showing with 35 additions and 16 deletions