@whispersystems I'd research it myself but I'm afk, can you protect against a DoS through exhaustion of a client's prekeys?
@justinsteven Yes, you rate limit on the server, and there's a "last resort" key that can be reused but rotates periodically.
@whispersystems so is the rate limit global for the client, what if I control 100 "senders"? I'll look into the last resort key. Thanks!
@justinsteven Yep, with 100 verified numbers you can exhaust keys if the owner is offline. Doesn't disrupt communication though.
@whispersystems because you can fall onto the last resort key? Are there crypto weaknesses in reusing this key, or do you only lose pfs?
@justinsteven You only lose pfs for the first message transmitted. Keys ratchet forward for subsequent messages.
@whispersystems unless the client stays offline and you're gunning messages at them, right?
@justinsteven That's correct, no pfs until you get a response. Although the last resort key is rotated periodically as well.
New conversation
@whispersystems @moxie Is the protocol documented (in more detail) anywhere? Would like to dig into it in more detail.
@adamcaudill That blog post is discussing next generation changes that are in the making. Current generation is: https://github.com/WhisperSystems/TextSecure/wiki/Protocol …
End of conversation
New conversation
@whispersystems @moxie Could one launch a Denial of Service by exhausting "the server" of pre-keys? #CryptoNoob
@AdamOfDc949 Yes, you have to rate limit on the server, and there's a "last resort" key that can be reused but rotates periodically.
End of conversation
New conversation
@whispersystems what if the list of prekeys is silently compromised?
@technicalmoses They are signed with the owner's identity key.
@whispersystems And if an attacker has that, all bets off anyways. Sounds cool. Crypto is fun.
End of conversation
New conversation
@whispersystems @moxie Cool. You can also do this more efficiently with tree-based systems.
@matthew_d_green Tell us more...
@whispersystems Well, I was thinking of this http://www.cs.umd.edu/~jkatz/papers/forward-enc-full.pdf … but it turns out to require some stronger crypto... So scratch that.
End of conversation
New conversation
@whispersystems what is meant by 'the server'?
@whispersystems @moxie if phone is lost, how to revoke/regen pre-keys? Sounds like a great idea Btw. Simple crypto is badly needed.