Commit 8de0f1fb authored by Mark Haines, committed by GitHub

Merge pull request #32 from matrix-org/markjh/replay

Document the potential for message replays and possible mitigations
parents d1a53586 884ad024
......@@ -274,6 +274,17 @@ bytes preceding the signature.
Limitations
-----------
Message Replays
---------------
A message can be decrypted successfully multiple times. This means that an
attacker can re-send a copy of an old message, and the recipient will treat it
as a new message.
To mitigate this it is recommended that applications track the ratchet indices
they have received and that they reject messages with a ratchet index that
they have already decrypted.
Lack of Transcript Consistency
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
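Review bot: The new "Message Replays" heading is underlined with `-`, the same character used for "Limitations" directly above it, while the following subsection "Lack of Transcript Consistency" is underlined with `~`. As written, the replay text becomes a sibling section of "Limitations" rather than a subsection of it, and "Limitations" is left with no body of its own; underlining "Message Replays" with `~~~~~~~~~~~~~~~` would match the existing subsection convention. The mitigation paragraph could also state the scope of the tracking, for example that received ratchet indices are recorded per session and kept across application restarts, since the added text does not say where the record lives or how long it must be retained.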
......