Delete 'attacks.md'
This commit is contained in:
parent
e2a366a0b0
commit
808403ed1b
49
attacks.md
49
attacks.md
|
@ -1,49 +0,0 @@
|
|||
# Attacks On Cwtch
|
||||
|
||||
|
||||
## Server Censorship
|
||||
|
||||
Servers must keep things for as long as possible. This messes with bandwidth requirements, means syncing takes really long.
|
||||
|
||||
We could improve fetch to say something like...fetch messages sent within the last day to improve that.
|
||||
|
||||
We should already restrict length to 1kb.
|
||||
|
||||
Force servers to keep things forever? Have clients do checks? Is this potentially creating a bigger issue down the line?
|
||||
|
||||
This means that secure key rotation is essential! We can't just rely on kdf because the rotation rate is known. Send secret
|
||||
salt on invite!
|
||||
|
||||
## Subgroup Attack
|
||||
|
||||
* Alice invites Bob and Carol to her Group
|
||||
* Carol invites Eve to the group, pretending that she is the Owner.
|
||||
* After some time passes Carol send Eve a group key update
|
||||
* Carol can now selectively reencrypt messages from Alice and Bob to Carol under the new group key.
|
||||
|
||||
Defenses
|
||||
--------
|
||||
|
||||
Eve rejects the initial group invitation because the signed group id doesn't match Carol
|
||||
Carol can create a new group with all the sam parameters and sign it herself though.
|
||||
However Carol will notice messages she can decrypt but are intended for another group, and if she tries to send
|
||||
a message to the group, Alice and Bob will discover their group has been compromised.
|
||||
|
||||
## Key Rotation Attacks
|
||||
|
||||
* Alice invites Bob and Carol to a new Group
|
||||
* Alice invites Eve
|
||||
* Alice rotates the key (using a kdf), sends the new key to the Group
|
||||
* Alice sends invite to Eve with new Key
|
||||
|
||||
Now there is a window where Bob and Carol send messages without receiving the new Key. There is also a possibility that
|
||||
Bob or Carol miss the Key rotation message by being offline during the entire Server buffer period.
|
||||
|
||||
Alice should then technically rebroadcast the key rotation message, along with the iteration, until she received confirmation from Bob and Carol?
|
||||
|
||||
RotateKey, 1
|
||||
AckRotateKey
|
||||
|
||||
Invite
|
||||
mAckInvite
|
||||
|
Loading…
Reference in New Issue