You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Specifically, once a connection is established, any new message is simply decrypted and shoved into the clipboard.
A MitM can observe the client handshake and then proceed to inject garbage into the receiver's clipboard. MAC'ing the individual messages (after encryption!) and verifying the MAC before decryption should do the right thing here.
A more sophisticated attacker can exploit mallaebility to alter known plaintexts. I'm struggling to come up with a good threat model for this specific scenario though :P
The text was updated successfully, but these errors were encountered:
Specifically, once a connection is established, any new message is simply decrypted and shoved into the clipboard.
A MitM can observe the client handshake and then proceed to inject garbage into the receiver's clipboard. MAC'ing the individual messages (after encryption!) and verifying the MAC before decryption should do the right thing here.
A more sophisticated attacker can exploit mallaebility to alter known plaintexts. I'm struggling to come up with a good threat model for this specific scenario though :P
The text was updated successfully, but these errors were encountered: