deploy: a1ce3b9c69
This commit is contained in:
epoberezkin
@@ -233,11 +233,11 @@ window.addEventListener('scroll',changeHeaderBg);
|
||||
<p>The issues are explained below, and the full security review is available via <a href="https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SimpleX_Chat_Final_Report_11_03_2022.pdf">this link</a>.</p>
|
||||
<p>We are hugely thankful to Trails Of Bits and their engineers for the work they did, helping us identify these issues and strengthen the security of SimpleX Chat.</p>
|
||||
<h3 id="medium-severity-issues" tabindex="-1">Medium severity issues</h3>
|
||||
<h5 id="x3dh-key-exchange-for-double-ratchet-protocol" tabindex="-1">X3DH key exchange for double ratchet protocol</h5>
|
||||
<h4 id="x3dh-key-exchange-for-double-ratchet-protocol" tabindex="-1">X3DH key exchange for double ratchet protocol</h4>
|
||||
<p>We made a mistake implementing X3DH key exchange - the key derivation function was not applied to the result of concatenation of three DH operations. The attack to exploit this mistake has high complexity, as it would require compromising one of private keys generated by the clients, and also it would only affect forward secrecy until break-in recovery happens (after both sides sent some messages).</p>
|
||||
<p>Please note that SimpleX does not perform X3DH with long-term identity keys, as the SimpleX protocol does not rely on long-term keys to identify client devices. Therefore, the impact of compromising a key will be less severe, as it will affect only the secrets of the connection where the key was compromised.</p>
|
||||
<p>This issue is fixed in version 4.2 in <a href="https://github.com/simplex-chat/simplexmq/pull/548/files">this PR</a>, and if both clients are updated the key exchange will not have this vulnerability. Also, previously created connections should be secure as long as both sides sent the messages, but if you believe that your private key(s) could have been compromised (for example, if you used SimpleX Chat since before we added database encryption), we recommend that you create the new connections with your contacts, at least with the security-critical ones. Simply rotating the connection queue (manual queue rotation is added in version 4.2) will not be sufficient, as this rotation does not re-initialize the ratchets - this is something we will be adding in the future.</p>
|
||||
<h5 id="keys-are-stored-in-unpinned-memory-and-not-cleared-after-their-lifetime" tabindex="-1">Keys are stored in unpinned memory and not cleared after their lifetime</h5>
|
||||
<h4 id="keys-are-stored-in-unpinned-memory-and-not-cleared-after-their-lifetime" tabindex="-1">Keys are stored in unpinned memory and not cleared after their lifetime</h4>
|
||||
<p>The problem here is that the memory with cryptographic keys can be swapped to the storage and potentially accessed by an attacker who has root-level access to the device (or the level of access required to access swap file of the application). So, if you are running SimpleX Chat on desktop you could improve its security by running it in an isolated container.</p>
|
||||
<p>On mobile operating systems it is less severe as each application already runs in its own container, and applications do not share access to their swap areas (e.g., on Android swap is a <a href="https://developer.android.com/topic/performance/memory-management">compressed area in RAM</a> not accessible to other applications).</p>
|
||||
<p>To exploit this issue an attacker needs to have a privileged system access to the device. Also, we believe <a href="https://www.microsoft.com/en-us/research/wp-content/uploads/1993/01/gen-gc-for-haskell.pdf">Haskell generational garbage collection</a> makes the lifetime of unused memory lower than in other languages.</p>
|
||||
|
||||
15
css/blog.css
15
css/blog.css
@@ -66,13 +66,26 @@ section.container>div>p:nth-child(2) {
|
||||
margin: 50px 0 25px 0;
|
||||
}
|
||||
|
||||
#article h4 {
|
||||
font-size: 16px;
|
||||
font-weight: 700;
|
||||
letter-spacing: 0.02em;
|
||||
color: #606C71;
|
||||
|
||||
margin: 50px 0 25px 0;
|
||||
}
|
||||
|
||||
@media (min-width:768px) {
|
||||
#article h3 {
|
||||
font-size: 28px;
|
||||
}
|
||||
|
||||
#article h4 {
|
||||
font-size: 20px;
|
||||
}
|
||||
}
|
||||
|
||||
.dark #article h3 {
|
||||
.dark #article h3, .dark #article h4 {
|
||||
color: white;
|
||||
}
|
||||
|
||||
|
||||
@@ -17,6 +17,9 @@ h2 {
|
||||
h3 {
|
||||
font-size: 1.8rem;
|
||||
}
|
||||
h4 {
|
||||
font-size: 1.4rem;
|
||||
}
|
||||
@media (max-width: 576px) {
|
||||
h2 {
|
||||
font-size: 1.9rem;
|
||||
@@ -24,6 +27,9 @@ h3 {
|
||||
h3 {
|
||||
font-size: 1.5rem;
|
||||
}
|
||||
h4 {
|
||||
font-size: 1.2rem;
|
||||
}
|
||||
}
|
||||
p {
|
||||
font-size: 1.1rem;
|
||||
|
||||
Reference in New Issue
Block a user