Warning when the "last resort" prekey is used (and forward secrecy is compromised) #1535

Closed
lxgr opened this issue May 28, 2014 · 3 comments

lxgr commented May 28, 2014

As far as I understand the protocol, a "last resort" prekey (that doesn't provide forward secrecy) is used for offline session establishment if all regular prekeys on the server have been used.

Are users warned if that situation occurs?


moxie0 commented May 28, 2014

This isn't something that we want to surface to users. If anything, in the future we'll just rotate that key.

moxie0 closed this as completed May 28, 2014

tinloaf commented May 28, 2014

But how about warning a user if his own last resort key is repeatedly used? If this happens repeatedly, this could mean that someone is attacking him by intentionally depleting the prekeys, which is an attack that TS cannot effectively mitigate, right?

So if this happens a lot, effectively completely stripping my TS of forward secrecy, I think as a user I would expect some form of warning.


moxie0 commented May 28, 2014

This "attack" can only affect the first message a contact ever sends you. We can mitigate it by rotating the key. We shouldn't ever surface anything like this to the user.
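A toy model of the mechanism discussed in this thread, added here as an example and not taken from the TextSecure code base or written by any participant: a prekey pool that falls back to a reusable last-resort key once the one-time keys run out, and a client that counts that fallback and rotates the key. The class names, the `LAST_RESORT_ID` value, the random-byte stand-in keys and the rotate-on-use policy are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

LAST_RESORT_ID = 0xFFFFFF  # constructed marker id for the reusable fallback key


def new_key() -> bytes:
    """Stand-in for key generation: random bytes, not a real public key."""
    return secrets.token_bytes(32)


@dataclass
class PreKeyServer:
    """Toy model of the server-side prekey pool held for one recipient."""
    one_time: dict = field(default_factory=dict)  # id -> key, handed out once
    last_resort: bytes = b""

    def fetch(self):
        """Return (key_id, key) to a sender starting a session offline."""
        if self.one_time:
            key_id = min(self.one_time)
            return key_id, self.one_time.pop(key_id)  # removed after one use
        return LAST_RESORT_ID, self.last_resort  # pool empty: same key every time


@dataclass
class Recipient:
    """Client side: counts fallback use and rotates the key (assumed policy)."""
    server: PreKeyServer
    next_id: int = 1
    last_resort_uses: int = 0

    def replenish(self, count: int) -> None:
        for _ in range(count):
            self.server.one_time[self.next_id] = new_key()
            self.next_id += 1

    def rotate_last_resort(self) -> None:
        self.server.last_resort = new_key()

    def on_session(self, key_id: int, refill: int = 3) -> bool:
        """Handle an incoming session; True if it used the last-resort key."""
        if key_id != LAST_RESORT_ID:
            return False
        self.last_resort_uses += 1  # local signal that the pool ran dry
        self.rotate_last_resort()   # bound how long the reused key lives
        self.replenish(refill)      # restore one-time keys for later senders
        return True
```
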
