forked from cwtch.im/cwtch
Delete 'attacks.md'
This commit is contained in:
parent
e2a366a0b0
commit
808403ed1b
49
attacks.md
49
attacks.md
|
@ -1,49 +0,0 @@
|
||||||
# Attacks On Cwtch
|
|
||||||
|
|
||||||
|
|
||||||
## Server Censorship
|
|
||||||
|
|
||||||
Servers must keep things for as long as possible. This messes with bandwidth requirements, means syncing takes really long.
|
|
||||||
|
|
||||||
We could improve fetch to say something like...fetch messages sent within the last day to improve that.
|
|
||||||
|
|
||||||
We should already restrict length to 1kb.
|
|
||||||
|
|
||||||
Force servers to keep things forever? Have clients do checks? Is this potentially creating a bigger issue down the line?
|
|
||||||
|
|
||||||
This means that secure key rotation is essential! We can't just rely on kdf because the rotation rate is known. Send secret
|
|
||||||
salt on invite!
|
|
||||||
|
|
||||||
## Subgroup Attack
|
|
||||||
|
|
||||||
* Alice invites Bob and Carol to her Group
|
|
||||||
* Carol invites Eve to the group, pretending that she is the Owner.
|
|
||||||
* After some time passes Carol send Eve a group key update
|
|
||||||
* Carol can now selectively reencrypt messages from Alice and Bob to Carol under the new group key.
|
|
||||||
|
|
||||||
Defenses
|
|
||||||
--------
|
|
||||||
|
|
||||||
Eve rejects the initial group invitation because the signed group id doesn't match Carol
|
|
||||||
Carol can create a new group with all the sam parameters and sign it herself though.
|
|
||||||
However Carol will notice messages she can decrypt but are intended for another group, and if she tries to send
|
|
||||||
a message to the group, Alice and Bob will discover their group has been compromised.
|
|
||||||
|
|
||||||
## Key Rotation Attacks
|
|
||||||
|
|
||||||
* Alice invites Bob and Carol to a new Group
|
|
||||||
* Alice invites Eve
|
|
||||||
* Alice rotates the key (using a kdf), sends the new key to the Group
|
|
||||||
* Alice sends invite to Eve with new Key
|
|
||||||
|
|
||||||
Now there is a window where Bob and Carol send messages without receiving the new Key. There is also a possibility that
|
|
||||||
Bob or Carol miss the Key rotation message by being offline during the entire Server buffer period.
|
|
||||||
|
|
||||||
Alice should then technically rebroadcast the key rotation message, along with the iteration, until she received confirmation from Bob and Carol?
|
|
||||||
|
|
||||||
RotateKey, 1
|
|
||||||
AckRotateKey
|
|
||||||
|
|
||||||
Invite
|
|
||||||
mAckInvite
|
|
||||||
|
|
Loading…
Reference in New Issue