
Code is a (tiny bit) brittle

Open nwalfield opened this issue 2 years ago • 1 comments

https://github.com/freedomofpress/securedrop/blob/8d00ba5d9d3835a22a09bcd3a338b65aee697e7d/redwood/src/decryption.rs#L51-L68

The above code is a bit brittle in principle, but probably okay in practice. The problem is that just because we fail to decrypt a PKESK doesn't mean that there isn't a later PKESK that we could decrypt, but won't try. In practice, this will only happen if there are two PKESKs with the same key ID. As key IDs are 64 bits, it is possible that this could happen by chance, but very unlikely. Alternatively, an attacker could insert a PKESK with a colliding PKESK. But if we allow an attacker to modify the message, they can probably do much worse things.

nwalfield, Oct 12 '23 11:10

Currently we only try to decrypt messages sent by trusted journalists, so we can reasonably assume they aren't malicious. I'm not going to mark this as a release blocker, but we should still fix this.

legoktm, Oct 12 '23 15:10
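
The failure mode described in the opening post, as an added example that is not the redwood or Sequoia code: a simplified model in which stopping at the first failed PKESK loses a message that trying every PKESK with a matching key ID would decrypt. The `Pkesk` and `SecretKey` types, their fields and both function names are assumptions made for illustration.

```rust
// Simplified model, not the Sequoia or redwood API: a PKESK carries the
// recipient's 64-bit key ID and a session key wrapped to one specific key.
#[derive(Clone, Copy)]
struct Pkesk { recipient: u64, wrapped_for: u32, session_key: u8 }

// Hypothetical secret key: `id` is the public key ID, `secret` stands in for
// the private key material that must match for unwrapping to succeed.
struct SecretKey { id: u64, secret: u32 }

impl SecretKey {
    fn unwrap_key(&self, p: &Pkesk) -> Option<u8> {
        if p.wrapped_for == self.secret { Some(p.session_key) } else { None }
    }
}

// Brittle: returns the result of the first PKESK addressed to our key ID,
// so a failure there means later PKESKs are never tried.
fn decrypt_first_match(pkesks: &[Pkesk], key: &SecretKey) -> Option<u8> {
    for p in pkesks {
        if p.recipient == key.id {
            return key.unwrap_key(p);
        }
    }
    None
}

// Robust: a PKESK that fails to unwrap is skipped and later ones are tried.
fn decrypt_any_match(pkesks: &[Pkesk], key: &SecretKey) -> Option<u8> {
    pkesks.iter()
        .filter(|p| p.recipient == key.id)
        .find_map(|p| key.unwrap_key(p))
}

// Constructed sample: two PKESKs share a key ID, only the second is ours.
fn sample() -> (Vec<Pkesk>, SecretKey) {
    let id = 0x1122_3344_5566_7788;
    let colliding = Pkesk { recipient: id, wrapped_for: 0xBAD, session_key: 0 };
    let genuine = Pkesk { recipient: id, wrapped_for: 0xC0DE, session_key: 42 };
    (vec![colliding, genuine], SecretKey { id, secret: 0xC0DE })
}

fn main() {
    let (pkesks, key) = sample();
    println!("first-match: {:?}", decrypt_first_match(&pkesks, &key));
    println!("try-all:     {:?}", decrypt_any_match(&pkesks, &key));
}
```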