diff options
author | Mark Haines <mjark@negativecurvature.net> | 2016-10-24 10:28:54 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-10-24 10:28:54 +0100 |
commit | 8de0f1fbb3df0adf8dd8e9db1099eacc0edfecc9 (patch) | |
tree | 0c57e6448edf6e47b94991dc9b0755c35a4b1801 | |
parent | d1a535861d02f5a5e049eb3654c8adf1d316bac8 (diff) | |
parent | 884ad02413e334473a338986c2291a717defb662 (diff) |
Merge pull request #32 from matrix-org/markjh/replay
Document the potential for message replays and possible mitigations
-rw-r--r-- | docs/megolm.rst | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/docs/megolm.rst b/docs/megolm.rst index 4929349..03ee426 100644 --- a/docs/megolm.rst +++ b/docs/megolm.rst @@ -274,6 +274,17 @@ bytes preceding the signature. Limitations ----------- +Message Replays +--------------- + +A message can be decrypted successfully multiple times. This means that an +attacker can re-send a copy of an old message, and the recipient will treat it +as a new message. + +To mitigate this it is recommended that applications track the ratchet indices +they have received and that they reject messages with a ratchet index that +they have already decrypted. + Lack of Transcript Consistency ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |