-
ralphm
vanitasvitae: done, should be crawled somewhere in the next 30min
-
vanitasvitae
ralphm: nice. Thank you very much :)
-
jonas’
is there any reason to use a CSPRNG for stanza @id values?
-
jonas’
(if one checks both @from and @id when associating replies)
-
Zash
jonas’: Probably overkill, but why not?
-
jonas’
Zash, takes double the time
-
jonas’
(when sourced from getrandom())
-
Zash
because syscall?
-
jonas’
yeah
-
jonas’
(probably)
-
Zash
jonas’: compared to what? and is it a problem?
-
jonas’
Zash, compared to the mersenne twister
-
jonas’
we’re revisiting how aioxmpp generates stanza IDs
-
Ge0rG
I wonder what the possible attack vector is. Injecting IQ responses ahead of the actual response? By whom?
-
Ge0rG
Unless you have a smack3 level of stanza correlation, where you just run a packet listener based on the packet ID, ignoring the @from
-
jonas’
that was my train of thought, too
-
jonas’
anyone who would be able to inject a reply is on the path anyways and can observe the @from and the @id
-
jonas’
assuming that s2s authentication and routing in servers works as intended
-
Ge0rG
a bold assumption.
-
jonas’
so if you can off-path inject stanzas due to broken s2s authentication (but you cannot intercept them entirely), being able to predict stanza IDs would be useful
-
jonas’
this could work with broken one-way s2s auth, some dialback stuff for example
-
Ge0rG
reminds me of the `Received[s2sout]` debug logs I saw today from my prosody.
-
jonas’
but uh
-
Ge0rG
s2s directions make me dizzy.
-
Zash
don't look at dialback
-
Ge0rG
I won't. Dialback, PubSub and MIX are danger zones I avoid at all costs.
-
jonas’
so, the attack is rather hard and unlikely (it is more likely that you’ll be able to intercept the sent stanza and send a reply without having to guess the @id) and requires a fault in another component
-
jonas’
huh, putting dialback into the same bucket as pubsub and mix is ... interesting
-
Zash
jonas’: having multiple PRNGs available might lead to accidentally using a weak one for something sensitive, and if it's something that can slowly leak state that might be bad
-
jonas’
Zash, that’s what sebi is saying
-
Kev
Not reading everything, but predictable IDs are a privacy leak rather than a practical attack, for the most part.
-
jonas’
how are they a privacy leak?
-
Kev
<message id='sessionstanza4234230498723408974'><body>Sorry, I've only just come online, I've not been ignoring you</...
-
jonas’
right
-
jonas’
that’s something different than just predictability though
-
jonas’
that’s sequential
-
Kev
It's somewhere in between, I think.
-
jonas’
a mersenne twister is predictable (with enough computing and enough samples), but by seeing a value, you don’t know whether that’s the first, tenth, or 1000th value
-
Kev
It doesn't have to be strictly sequential to have this property.
-
jonas’
mmm
-
jonas’
I see your point though
-
Kev
This was mostly a problem for two reasons: 1) People were using 1,2,3... 2) Some libraries are (were?) completely broken and ignored the sender of a stanza as long as the id was expected, so you could inject weird iq responses and they'd trust them.
-
Kev
(2) Is just brokenness
-
Kev
(1) has the unexpected privacy implications.
-
Ge0rG
yaxim is full of (2).
-
Kev
I don't think we need crypto-secure IDs.
-
Ge0rG
Now give me a CVE!
-
Zash
Ge0rG: Weren't there one or more for that already?
-
Ge0rG
Zash: not for that, no
-
Ge0rG
yaxim's got two CVEs so far IIRC.
-
Zash
Ge0rG: I distinctly remember CVE(s) for not checking 'from' on eg roster pushes that affected a *ton* of clients.
-
Ge0rG
Zash: yeah, I think smack wasn't affected or somesuch
-
Alex
memberbot is online for accepting your votes on the board & council election
-
Seve
Great! Thank you Alex
-
Seve
And good luck everyone!
-
jonas’
thanks, Alex
-
Ge0rG
Last time I checked, one of the applications was still empty...
-
jonas’
they’re all non-empty :)
-
Alex
there was some hard last minute work happening ;-)
-
jonas’
as usual..
-
lovetox
Gajim uses uuid as id, but i just checked and indeed it does not check the answer address
-
lovetox
just the id
-
lovetox
how bad is this?
-
lovetox
i guess if someone is in the position to utilize that, then the id doesn't matter anyway because he is a man in the middle?
-
lovetox
hm yeah the chance that another contact guesses the uuid at the exact right time is impossible