aboutsummaryrefslogtreecommitdiff
path: root/docs/megolm.rst
diff options
context:
space:
mode:
authorMark Haines <mjark@negativecurvature.net>2016-10-24 10:28:54 +0100
committerGitHub <noreply@github.com>2016-10-24 10:28:54 +0100
commit8de0f1fbb3df0adf8dd8e9db1099eacc0edfecc9 (patch)
tree0c57e6448edf6e47b94991dc9b0755c35a4b1801 /docs/megolm.rst
parentd1a535861d02f5a5e049eb3654c8adf1d316bac8 (diff)
parent884ad02413e334473a338986c2291a717defb662 (diff)
Merge pull request #32 from matrix-org/markjh/replay
Document the potential for message replays and possible mitigations
Diffstat (limited to 'docs/megolm.rst')
-rw-r--r--docs/megolm.rst11
1 files changed, 11 insertions, 0 deletions
diff --git a/docs/megolm.rst b/docs/megolm.rst
index 4929349..03ee426 100644
--- a/docs/megolm.rst
+++ b/docs/megolm.rst
@@ -274,6 +274,17 @@ bytes preceding the signature.
Limitations
-----------
+Message Replays
+---------------
+
+A message can be decrypted successfully multiple times. This means that an
+attacker can re-send a copy of an old message, and the recipient will treat it
+as a new message.
+
+To mitigate this it is recommended that applications track the ratchet indices
+they have received and that they reject messages with a ratchet index that
+they have already decrypted.
+
Lack of Transcript Consistency
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~