Merge pull request #32 from matrix-org/markjh/replay
Document the potential for message replays and possible mitigations
This commit is contained in:
Mark Haines
GitHub
commit
8de0f1fbb3
1 changed files with 11 additions and 0 deletions
|
|
@ -274,6 +274,17 @@ bytes preceding the signature.
|
||||||
Limitations
|
Limitations
|
||||||
-----------
|
-----------
|
||||||
|
|
||||||
|
Message Replays
|
||||||
|
---------------
|
||||||
|
|
||||||
|
A message can be decrypted successfully multiple times. This means that an
|
||||||
|
attacker can re-send a copy of an old message, and the recipient will treat it
|
||||||
|
as a new message.
|
||||||
|
|
||||||
|
To mitigate this it is recommended that applications track the ratchet indices
|
||||||
|
they have received and that they reject messages with a ratchet index that
|
||||||
|
they have already decrypted.
|
||||||
|
|
||||||
Lack of Transcript Consistency
|
Lack of Transcript Consistency
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue