[jboss-jira] [JBoss JIRA] (JGRP-2273) ASYM_ENCRYPT: deprecate encrypt_entire_message
Bela Ban (Jira)
issues at jboss.org
Wed Aug 14 02:35:00 EDT 2019
[ https://issues.jboss.org/browse/JGRP-2273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13770530#comment-13770530 ]
Bela Ban commented on JGRP-2273:
--------------------------------
[~nsawadsky] Yes, an attacker would be able to do a replay attack. However, UNICAST3 would drop that message as duplicate. This doesn't prevent seqno guessing, e.g. as done in [1].
[1] https://github.com/belaban/JGroups/blob/master/tests/junit-functional/org/jgroups/protocols/EncryptTest.java#L229
> ASYM_ENCRYPT: deprecate encrypt_entire_message
> ----------------------------------------------
>
> Key: JGRP-2273
> URL: https://issues.jboss.org/browse/JGRP-2273
> Project: JGroups
> Issue Type: Enhancement
> Reporter: Bela Ban
> Assignee: Bela Ban
> Priority: Major
> Fix For: 4.1.3
>
>
> In {{ASYM_ENCRYPT}}, {{encrypt_entire_message}} encrypts not only the payload, but also metadata such as destination and sender's address, headers and flags.
> The rationale was to prevent replay attacks. However, this is not an issue, as replayed messages will simply get dropped by the retransmission layer (e.g. NAKACK2 or UNICAST3).
> If people still want this feature, they can write a protocol _above_ {{ASYM_ENCRYPT}}, which serializes the entire message into the payload of a new message, and this would be exactly the same as setting {{encrypt_entire_message}} to {{true}}.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the jboss-jira
mailing list