Fix #748 - Check hash of sig instead of message contents #783
No reviewers
Labels
No Label
bug
build
dependencies
developers
documentation
duplicate
enhancement
formatting
invalid
legal
mobile
obsolete
packaging
performance
protocol
question
refactoring
regression
security
test
translation
usability
wontfix
No Milestone
No project
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Bitmessage/PyBitmessage-2024-12-18#783
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "master"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This change addresses the fact that checking for unique(sender + receiver + subject + message) isn't a very good way of detecting duplicate messages; sometimes people do send the same message and expect it to show up. This change instead uses a hash of the signature in a message as a sort of UUID. This way if an attacker creates duplicate objects by recalculating nonces, the duplicates won't show up in receiver's clients because the signatures within the objects will all be the same.
Note that this change would make it so that if a normal sender sends a message and the receiver receives it but the sender doesn't hear an acknowledgement, the sender would resend the message and the message would show up as a duplicate in the receiver's client.