ringrtc icon indicating copy to clipboard operation
ringrtc copied to clipboard
verified publisher icon signalapp

7 bytes of the VP8 payload unencrypted for non key frames

Open lgrahl opened this issue 4 years ago • 3 comments

There's an open todo you probably don't want left unresolved in production.

AFAIK this means that the first 7 bytes of the VP8 payload after the header are usually left unencrypted. The fix should be very simple by looking at the P bit (as done by your SFU) to determine whether to leave 3 or 10 bytes unencrypted.

lgrahl avatar Feb 08 '22 09:02 lgrahl

@jrose-signal any updates on this? It still seems to be on main one year later. Is this a security/privacy concern?

ZagButNoZig avatar Nov 06 '23 10:11 ZagButNoZig

Looks like there's some movement to make it encrypted: https://github.com/signalapp/webrtc/pull/164.

awaitlink avatar Apr 04 '24 11:04 awaitlink

Looks like there's some movement to make it encrypted: signalapp/webrtc#164.

Nah, that's just audio atm (although I'm not sure why one would need to leave parts of an audio frame unencrypted).

lgrahl avatar Apr 04 '24 12:04 lgrahl