From 8c4a11a92d2eac501e06659dff062d84d5c855ec Mon Sep 17 00:00:00 2001 From: Mark Haines Date: Fri, 21 Oct 2016 15:13:20 +0100 Subject: Document the potential for message replays and possible mitigations --- docs/megolm.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'docs') diff --git a/docs/megolm.rst b/docs/megolm.rst index 4929349..56e5f1d 100644 --- a/docs/megolm.rst +++ b/docs/megolm.rst @@ -274,6 +274,16 @@ bytes preceding the signature. Limitations ----------- +Message Replays +--------------- + +A message can be decrypted successfully multiple times. This means that a MITM +server can send multiple copies of a message and they will successfully decrypt. + +To mitigate this it is recomendend that applications track the message indicies +they have recieved and that they reject messages with indicies that they've +already decrypted. + Lack of Transcript Consistency ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From 0a7d4e35ccee89c34adeb03b112d243a27326fda Mon Sep 17 00:00:00 2001 From: Mark Haines Date: Fri, 21 Oct 2016 15:44:53 +0100 Subject: Reword and s/message index/ratchet index/ --- docs/megolm.rst | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'docs') diff --git a/docs/megolm.rst b/docs/megolm.rst index 56e5f1d..0994100 100644 --- a/docs/megolm.rst +++ b/docs/megolm.rst @@ -277,12 +277,13 @@ Limitations Message Replays --------------- -A message can be decrypted successfully multiple times. This means that a MITM -server can send multiple copies of a message and they will successfully decrypt. +A message can be decrypted successfully multiple times. This means that an +attacker can re-send a copy of an old message, and the recipient will treat it +as a new message. -To mitigate this it is recomendend that applications track the message indicies -they have recieved and that they reject messages with indicies that they've -already decrypted. +To mitigate this it is recomendend that applications track the ratchet indicies +they have recieved and that they reject messages with a ratchet index that +they've already decrypted. Lack of Transcript Consistency ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From 092bf880f5adaf9897b1c869b67f6d9c5284eda5 Mon Sep 17 00:00:00 2001 From: Mark Haines Date: Fri, 21 Oct 2016 15:45:33 +0100 Subject: s/they've/they have/ --- docs/megolm.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/megolm.rst b/docs/megolm.rst index 0994100..dce64d7 100644 --- a/docs/megolm.rst +++ b/docs/megolm.rst @@ -283,7 +283,7 @@ as a new message. To mitigate this it is recomendend that applications track the ratchet indicies they have recieved and that they reject messages with a ratchet index that -they've already decrypted. +they have already decrypted. Lack of Transcript Consistency ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From 884ad02413e334473a338986c2291a717defb662 Mon Sep 17 00:00:00 2001 From: Mark Haines Date: Fri, 21 Oct 2016 17:07:26 +0100 Subject: Spelling --- docs/megolm.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/megolm.rst b/docs/megolm.rst index dce64d7..03ee426 100644 --- a/docs/megolm.rst +++ b/docs/megolm.rst @@ -281,8 +281,8 @@ A message can be decrypted successfully multiple times. This means that an attacker can re-send a copy of an old message, and the recipient will treat it as a new message. -To mitigate this it is recomendend that applications track the ratchet indicies -they have recieved and that they reject messages with a ratchet index that +To mitigate this it is recommended that applications track the ratchet indices +they have received and that they reject messages with a ratchet index that they have already decrypted. Lack of Transcript Consistency -- cgit v1.2.3