Bitmessage/PyBitmessage-2024-11-30
Archived
2
0
Fork 0
Code Issues 168 Pull Requests 53 Actions Packages Projects Releases 5 Wiki Activity

Fix #748 - Check hash of sig instead of message contents #783

Merged
Atheros1 merged 2 commits from master into master 2015-02-22 01:44:00 +01:00
Conversation 0 Commits 2 Files Changed 5 +106 -129
Atheros1 commented 2015-02-22 00:13:13 +01:00 (Migrated from github.com)
Copy Link

This change addresses the fact that checking for unique(sender + receiver + subject + message) isn't a very good way of detecting duplicate messages; sometimes people do send the same message and expect it to show up. This change instead uses a hash of the signature in a message as a sort of UUID. This way if an attacker creates duplicate objects by recalculating nonces, the duplicates won't show up in receiver's clients because the signatures within the objects will all be the same.
Note that this change would make it so that if a normal sender sends a message and the receiver receives it but the sender doesn't hear an acknowledgement, the sender would resend the message and the message would show up as a duplicate in the receiver's client.

This change addresses the fact that checking for unique(sender + receiver + subject + message) isn't a very good way of detecting duplicate messages; sometimes people do send the same message and expect it to show up. This change instead uses a hash of the signature in a message as a sort of UUID. This way if an attacker creates duplicate objects by recalculating nonces, the duplicates won't show up in receiver's clients because the signatures within the objects will all be the same. Note that this change would make it so that if a normal sender sends a message and the receiver receives it but the sender doesn't hear an acknowledgement, the sender would resend the message and the message would show up as a duplicate in the receiver's client.
This repo is archived. You cannot comment on pull requests.
Reviewers
No reviewers
Labels
Clear labels   
bug

Something isn't working as it's supposed to

  
build

Related to building or build system

  
dependencies

Pull requests that update a dependency file

  
developers

The issue is relevant mainly for developers rather than users

  
documentation

   
duplicate

   
enhancement

New feature

  
formatting

Code or UI text formatting

  
invalid

   
legal

   
mobile

Frontend for mobile devices (kivy)

  
obsolete

   
packaging

   
performance

   
protocol

Protocol change

  
question

   
refactoring

   
regression

Some issue, fixed in the past, appears again

  
security

   
test

   
translation

   
usability

   
wontfix
No Label
bug
build
dependencies
developers
documentation
duplicate
enhancement
formatting
invalid
legal
mobile
obsolete
packaging
performance
protocol
question
refactoring
regression
security
test
translation
usability
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Bitmessage/PyBitmessage-2024-11-30#783
No description provided.
Delete Branch "master"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?