Merge pull request #32 from matrix-org/markjh/replay
Document the potential for message replays and possible mitigations
This commit is contained in:
Mark Haines
GitHub
commit
8de0f1fbb3
1 changed files with 11 additions and 0 deletions
|
|
@ -274,6 +274,17 @@ bytes preceding the signature.
|
|||
Limitations
|
||||
-----------
|
||||
|
||||
Message Replays
|
||||
---------------
|
||||
|
||||
A message can be decrypted successfully multiple times. This means that an
|
||||
attacker can re-send a copy of an old message, and the recipient will treat it
|
||||
as a new message.
|
||||
|
||||
To mitigate this it is recommended that applications track the ratchet indices
|
||||
they have received and that they reject messages with a ratchet index that
|
||||
they have already decrypted.
|
||||
|
||||
Lack of Transcript Consistency
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue