Messages with same content #748

Closed
opened 2014-12-17 22:23:01 +01:00 by Klexx · 18 comments
Klexx commented 2014-12-17 22:23:01 +01:00 (Migrated from github.com)

If the client receives several messages with the same content it shows only one message in the inbox (acknowledgement is sent like normal). Even if one message is already in the trash and the inbox is empty.
Can someone confirm that ?

If the client receives several messages with the same content it shows only one message in the inbox (acknowledgement is sent like normal). Even if one message is already in the trash and the inbox is empty. Can someone confirm that ?
Atheros1 commented 2014-12-18 20:09:30 +01:00 (Migrated from github.com)

Yes, that is how it works. Until messages include a UUID, that is how duplicates are detected: unique(sender + receiver + subject + message).

Yes, that is how it works. Until messages include a UUID, that is how duplicates are detected: unique(sender + receiver + subject + message).
Klexx commented 2014-12-18 20:20:44 +01:00 (Migrated from github.com)

Ok, i see! So a UUID is planed for the future?

Ok, i see! So a UUID is planed for the future?
Atheros1 commented 2014-12-18 20:23:05 +01:00 (Migrated from github.com)

Yes, it would be needed for message-continuation since 256 kB for messages is a limit some people will want to work-around some day.

Yes, it would be needed for message-continuation since 256 kB for messages is a limit some people will want to work-around some day.
Klexx commented 2014-12-18 20:26:48 +01:00 (Migrated from github.com)

(A way to remove messages from trash (via api) would be helpful until there is a UUID or unique(sender + receiver + subject + message + time).

(A way to remove messages from trash (via api) would be helpful until there is a UUID or unique(sender + receiver + subject + message + time).
Kagami commented 2015-02-20 22:17:02 +01:00 (Migrated from github.com)

@Atheros1 Could we please disable this behavior? I think it may cause great confusion for the users. There was forum thread some days ago: https://bitmessage.org/forum/index.php?topic=4258, also I experienced the same problem recently: https://www.reddit.com/r/bitmessage/comments/2utvh8/email_to_bitmessage_gateway_service_launched_in/corsak8

I think the current behavior is completely nonintuitive.

@Atheros1 Could we please disable this behavior? I think it may cause great confusion for the users. There was forum thread some days ago: https://bitmessage.org/forum/index.php?topic=4258, also I experienced the same problem recently: https://www.reddit.com/r/bitmessage/comments/2utvh8/email_to_bitmessage_gateway_service_launched_in/corsak8 I think the current behavior is completely nonintuitive.
Atheros1 commented 2015-02-20 23:29:48 +01:00 (Migrated from github.com)

Yes, I think that that would be a good idea. I can take it out.

Yes, I think that that would be a good idea. I can take it out.
Atheros1 commented 2015-02-21 00:37:34 +01:00 (Migrated from github.com)

Actually, how about this: The signature of a message, or a hash thereof, can be used as a temporary UUID since it contains a randomly generated component. We can store the hash of the signature and check if it is unique instead of the sender + receiver + subject + message.

Actually, how about this: The signature of a message, or a hash thereof, can be used as a temporary UUID since it contains a randomly generated component. We can store the hash of the signature and check if it is unique instead of the sender + receiver + subject + message.
Kagami commented 2015-02-21 00:47:08 +01:00 (Migrated from github.com)

Why we can't just use inventory hash (hash of the object message payload) to distinguish duplicated objects? If some component of the object was changed, then it would be another inventory hash.

Why we can't just use inventory hash (hash of the object message payload) to distinguish duplicated objects? If some component of the object was changed, then it would be another inventory hash.
Atheros1 commented 2015-02-21 00:52:11 +01:00 (Migrated from github.com)

Because the inventory hash includes the nonce which can be changed by attackers. The attacker would simply find the next nonce and rerelease the object. The object would have a different inventory hash and would show up as a duplicate message in the recipient's client.

Because the inventory hash includes the nonce which can be changed by attackers. The attacker would simply find the next nonce and rerelease the object. The object would have a different inventory hash and would show up as a duplicate message in the recipient's client.
Kagami commented 2015-02-21 00:59:52 +01:00 (Migrated from github.com)

Ah, I see. Haven't thought at all about that kind of attack vector.
So yes, you are right, it can be some hash of the rest of the object or just the signature.

Ah, I see. Haven't thought at all about that kind of attack vector. So yes, you are right, it can be some hash of the rest of the object or just the signature.
Kagami commented 2015-02-21 01:08:40 +01:00 (Migrated from github.com)

Also, I'm wondering what is the original motivation to sign everything except the nonce? I know several appliances where it can be useful (e.g. doing the POW and encryption on a different computers), but at the same time it allows some kind of replay attacks.

Also, I'm wondering what is the original motivation to sign everything except the nonce? I know several appliances where it can be useful (e.g. doing the POW and encryption on a different computers), but at the same time it allows some kind of replay attacks.
Atheros1 commented 2015-02-21 01:18:24 +01:00 (Migrated from github.com)

Is your question "Why sign the time?"? Or is your question "Why not sign the nonce?"?

Is your question "Why sign the time?"? Or is your question "Why not sign the nonce?"?
Kagami commented 2015-02-21 01:21:23 +01:00 (Migrated from github.com)

Why not sign the nonce?

Why not sign the nonce?
Atheros1 commented 2015-02-21 01:28:24 +01:00 (Migrated from github.com)

We cannot sign the nonce because the nonce covers the signature. We cannot create the nonce without having the signature first.

We cannot sign the nonce because the nonce covers the signature. We cannot create the nonce without having the signature first.
PeterSurda commented 2015-02-21 02:04:30 +01:00 (Migrated from github.com)

Re: Atheros1: "Because the inventory hash includes the nonce which can be changed by attackers."

I suspected it is something like this, this sounds like the infamous malleability attack on Bitcoin. I thought that this is the reason why it was implemented like this (to prevent the attack from flooding inbox), but I don't know that much about the protocol, so I'll wait until someone else fixes it properly.

Re: Atheros1: "Because the inventory hash includes the nonce which can be changed by attackers." I suspected it is something like this, this sounds like the infamous malleability attack on Bitcoin. I thought that this is the reason why it was implemented like this (to prevent the attack from flooding inbox), but I don't know that much about the protocol, so I'll wait until someone else fixes it properly.
Atheros1 commented 2015-02-21 02:18:06 +01:00 (Migrated from github.com)

Indeed, it is similar to the malleability attack. Any part of any object can be changed by anyone if the attacker is willing to recompute the POW. The only part of the object that the attacker can change that won't result in the object being rejected by the receiver is the nonce.

Indeed, it is similar to the malleability attack. Any part of any object can be changed by anyone if the attacker is willing to recompute the POW. The only part of the object that the attacker can change that won't result in the object being rejected by the receiver is the nonce.
Kagami commented 2015-02-22 09:54:02 +01:00 (Migrated from github.com)

Cool, thanks!

Cool, thanks!
Klexx commented 2015-02-22 14:14:13 +01:00 (Migrated from github.com)

👍

:+1:
This repo is archived. You cannot comment on issues.
No Milestone
No project
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Bitmessage/PyBitmessage-2024-12-03#748
No description provided.