Deprecating some Security Risks
parent
8687d23f60
commit
2a270eba21
61
src/cwtch.md
|
@ -2,18 +2,6 @@
|
||||||
|
|
||||||
# Known Risks
|
# Known Risks
|
||||||
|
|
||||||
## Dependency on Outdated Protobuf Implementation
|
|
||||||
|
|
||||||
**Status: Partially Mitigated (Work in Progress)**
|
|
||||||
|
|
||||||
The group features of Cwtch are enabled by an untrusted infrastructure
|
|
||||||
protcol that is implemented using the older ricochet-based channels. The go
|
|
||||||
code that was generated from these channels no longer works given the newest
|
|
||||||
version of the protobufs framework.
|
|
||||||
|
|
||||||
The goal is to remove protobufs entirely from the project by porting this
|
|
||||||
functionality over the Tapir, once a suitable replacement protocol has been
|
|
||||||
defined.
|
|
||||||
|
|
||||||
## Thread Safety
|
## Thread Safety
|
||||||
|
|
||||||
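Review bot: the section removed from Known Risks here carried "Status: Partially Mitigated (Work in Progress)" and made the port conditional on "once a suitable replacement protocol has been defined", while the copy re-added under "Resolved or Outdated Risks" says "Status: Mitigated" with no pointer to what completed the work. Suggest naming the release or change that removed protobufs in the resolved entry, so a reader auditing this risk list can verify the claim.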
|
@ -39,23 +27,7 @@ the file system cross the boundary between the UI front-end and the App backend.
|
||||||
Intercepting this information requires a privileged position on the local
|
Intercepting this information requires a privileged position on the local
|
||||||
machine. There are currently no plans to mitigate this issue.
|
machine. There are currently no plans to mitigate this issue.
|
||||||
|
|
||||||
## PoW Spam Prevention as a Metadata Vector
|
|
||||||
|
|
||||||
**Status: Speculative**
|
|
||||||
|
|
||||||
Processing capabilities are not constant, and so a malicious server could perform
|
|
||||||
some correlations/fiddle with difficulty per connection in an attempt to identify
|
|
||||||
connections over time.
|
|
||||||
|
|
||||||
Needs some statistical experimentation to quantify, but given the existing
|
|
||||||
research detecting timeskews over Tor I wouldn't be surprised if this could be derived.
|
|
||||||
|
|
||||||
As for mitigation: Adding a random time skew might be an option,some defense
|
|
||||||
against the server adjusting difficulty too often would also mitigate some of
|
|
||||||
the more extreme vectors.
|
|
||||||
|
|
||||||
Additionally, Token Based Services and Peer-based Groups are both potential
|
|
||||||
options for eliminating this attack vector entirely.
|
|
||||||
|
|
||||||
|
|
||||||
## Testing Status
|
## Testing Status
|
||||||
|
@ -71,3 +43,36 @@ Most tests are run with the `-race` flag which will cause them to fail if
|
||||||
race conditions are detected.
|
race conditions are detected.
|
||||||
|
|
||||||
Both integration tests and unit tests are run automatically for every pull request and main branch merge.
|
Both integration tests and unit tests are run automatically for every pull request and main branch merge.
|
||||||
|
|
||||||
|
## Resolved or Outdated Risks
|
||||||
|
|
||||||
|
## ~~Dependency on Outdated Protobuf Implementation~~
|
||||||
|
|
||||||
|
**Status: Mitigated**
|
||||||
|
|
||||||
|
The group features of Cwtch are enabled by an untrusted infrastructure
|
||||||
|
protcol that was originally implemented using the older ricochet-based channels. The go
|
||||||
|
code that was generated from these channels no longer works given the newest
|
||||||
|
version of the protobufs framework.
|
||||||
|
|
||||||
|
We have removed protobufs entirely from the project by porting this
|
||||||
|
functionality over the Tapir.
|
||||||
|
|
||||||
|
## PoW Spam Prevention as a Metadata Vector
|
||||||
|
|
||||||
|
**Status: Outdated**: Cwtch now uses Token Based Services to separate challenges like PoW from
|
||||||
|
resolving the tokens.
|
||||||
|
|
||||||
|
Processing capabilities are not constant, and so a malicious server could perform
|
||||||
|
some correlations/fiddle with difficulty per connection in an attempt to identify
|
||||||
|
connections over time.
|
||||||
|
|
||||||
|
Needs some statistical experimentation to quantify, but given the existing
|
||||||
|
research detecting timeskews over Tor I wouldn't be surprised if this could be derived.
|
||||||
|
|
||||||
|
As for mitigation: Adding a random time skew might be an option,some defense
|
||||||
|
against the server adjusting difficulty too often would also mitigate some of
|
||||||
|
the more extreme vectors.
|
||||||
|
|
||||||
|
Additionally, Token Based Services and Peer-based Groups are both potential
|
||||||
|
options for eliminating this attack vector entirely.
|
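Review bot: in the added "PoW Spam Prevention as a Metadata Vector" entry, the new status line says Cwtch "now uses Token Based Services", but the body copied below it still calls Token Based Services and Peer-based Groups "potential options for eliminating this attack vector entirely"; reword the body in the past tense or mark it as the historical description of the risk. The Protobuf heading is wrapped in ~~ while the PoW heading is not, and both entries sit at the same ## level as "Resolved or Outdated Risks" rather than beneath it, so pick one convention and consider ### for the entries. The copied text also carries over "protcol", "over the Tapir" and "option,some defense".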