Deprecating some Security Risks
This commit is contained in:
parent
8687d23f60
commit
2a270eba21
63
src/cwtch.md
63
src/cwtch.md
|
@ -2,18 +2,6 @@
|
|||
|
||||
# Known Risks
|
||||
|
||||
## Dependency on Outdated Protobuf Implementation
|
||||
|
||||
**Status: Partially Mitigated (Work in Progress)**
|
||||
|
||||
The group features of Cwtch are enabled by an untrusted infrastructure
|
||||
protcol that is implemented using the older ricochet-based channels. The go
|
||||
code that was generated from these channels no longer works given the newest
|
||||
version of the protobufs framework.
|
||||
|
||||
The goal is to remove protobufs entirely from the project by porting this
|
||||
functionality over the Tapir, once a suitable replacement protocol has been
|
||||
defined.
|
||||
|
||||
## Thread Safety
|
||||
|
||||
|
@ -39,23 +27,7 @@ the file system cross the boundary between the UI front-end and the App backend.
|
|||
Intercepting this information requires a privileged position on the local
|
||||
machine. There are currently no plans to mitigate this issue.
|
||||
|
||||
## PoW Spam Prevention as a Metadata Vector
|
||||
|
||||
**Status: Speculative**
|
||||
|
||||
Processing capabilities are not constant, and so a malicious server could perform
|
||||
some correlations/fiddle with difficulty per connection in an attempt to identify
|
||||
connections over time.
|
||||
|
||||
Needs some statistical experimentation to quantify, but given the existing
|
||||
research detecting timeskews over Tor I wouldn't be surprised if this could be derived.
|
||||
|
||||
As for mitigation: Adding a random time skew might be an option,some defense
|
||||
against the server adjusting difficulty too often would also mitigate some of
|
||||
the more extreme vectors.
|
||||
|
||||
Additionally, Token Based Services and Peer-based Groups are both potential
|
||||
options for eliminating this attack vector entirely.
|
||||
|
||||
|
||||
## Testing Status
|
||||
|
@ -70,4 +42,37 @@ In addition, unit tests are defined for a number of Cwtch modules, however
|
|||
Most tests are run with the `-race` flag which will cause them to fail if
|
||||
race conditions are detected.
|
||||
|
||||
Both integration tests and unit tests are run automatically for every pull request and main branch merge.
|
||||
Both integration tests and unit tests are run automatically for every pull request and main branch merge.
|
||||
|
||||
## Resolved or Outdated Risks
|
||||
|
||||
## ~~Dependency on Outdated Protobuf Implementation~~
|
||||
|
||||
**Status: Mitigated**
|
||||
|
||||
The group features of Cwtch are enabled by an untrusted infrastructure
|
||||
protcol that was originally implemented using the older ricochet-based channels. The go
|
||||
code that was generated from these channels no longer works given the newest
|
||||
version of the protobufs framework.
|
||||
|
||||
We have removed protobufs entirely from the project by porting this
|
||||
functionality over the Tapir.
|
||||
|
||||
## PoW Spam Prevention as a Metadata Vector
|
||||
|
||||
**Status: Outdated**: Cwtch now uses Token Based Services to separate challenges like PoW from
|
||||
resolving the tokens.
|
||||
|
||||
Processing capabilities are not constant, and so a malicious server could perform
|
||||
some correlations/fiddle with difficulty per connection in an attempt to identify
|
||||
connections over time.
|
||||
|
||||
Needs some statistical experimentation to quantify, but given the existing
|
||||
research detecting timeskews over Tor I wouldn't be surprised if this could be derived.
|
||||
|
||||
As for mitigation: Adding a random time skew might be an option,some defense
|
||||
against the server adjusting difficulty too often would also mitigate some of
|
||||
the more extreme vectors.
|
||||
|
||||
Additionally, Token Based Services and Peer-based Groups are both potential
|
||||
options for eliminating this attack vector entirely.
|
Loading…
Reference in New Issue