mirror of
https://github.com/simplex-chat/simplex-chat.git
synced 2025-03-14 09:45:42 +00:00
blog: update headers
This commit is contained in:
Evgeny Poberezkin
parent
00af82cb19
commit
a1ce3b9c69
3 changed files with 22 additions and 3 deletions
|
|
@ -31,7 +31,7 @@ We are hugely thankful to Trails Of Bits and their engineers for the work they d
|
|||
|
||||
### Medium severity issues
|
||||
|
||||
##### X3DH key exchange for double ratchet protocol
|
||||
#### X3DH key exchange for double ratchet protocol
|
||||
|
||||
We made a mistake implementing X3DH key exchange - the key derivation function was not applied to the result of concatenation of three DH operations. The attack to exploit this mistake has high complexity, as it would require compromising one of private keys generated by the clients, and also it would only affect forward secrecy until break-in recovery happens (after both sides sent some messages).
|
||||
|
||||
|
|
@ -39,7 +39,7 @@ Please note that SimpleX does not perform X3DH with long-term identity keys, as
|
|||
|
||||
This issue is fixed in version 4.2 in [this PR](https://github.com/simplex-chat/simplexmq/pull/548/files), and if both clients are updated the key exchange will not have this vulnerability. Also, previously created connections should be secure as long as both sides sent the messages, but if you believe that your private key(s) could have been compromised (for example, if you used SimpleX Chat since before we added database encryption), we recommend that you create the new connections with your contacts, at least with the security-critical ones. Simply rotating the connection queue (manual queue rotation is added in version 4.2) will not be sufficient, as this rotation does not re-initialize the ratchets - this is something we will be adding in the future.
|
||||
|
||||
##### Keys are stored in unpinned memory and not cleared after their lifetime
|
||||
#### Keys are stored in unpinned memory and not cleared after their lifetime
|
||||
|
||||
The problem here is that the memory with cryptographic keys can be swapped to the storage and potentially accessed by an attacker who has root-level access to the device (or the level of access required to access swap file of the application). So, if you are running SimpleX Chat on desktop you could improve its security by running it in an isolated container.
|
||||
|
||||
|
|
|
|||
|
|
@ -66,13 +66,26 @@ section.container>div>p:nth-child(2) {
|
|||
margin: 50px 0 25px 0;
|
||||
}
|
||||
|
||||
#article h4 {
|
||||
font-size: 16px;
|
||||
font-weight: 700;
|
||||
letter-spacing: 0.02em;
|
||||
color: #606C71;
|
||||
|
||||
margin: 50px 0 25px 0;
|
||||
}
|
||||
|
||||
@media (min-width:768px) {
|
||||
#article h3 {
|
||||
font-size: 28px;
|
||||
}
|
||||
|
||||
#article h4 {
|
||||
font-size: 20px;
|
||||
}
|
||||
}
|
||||
|
||||
.dark #article h3 {
|
||||
.dark #article h3, .dark #article h4 {
|
||||
color: white;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -17,6 +17,9 @@ h2 {
|
|||
h3 {
|
||||
font-size: 1.8rem;
|
||||
}
|
||||
h4 {
|
||||
font-size: 1.4rem;
|
||||
}
|
||||
@media (max-width: 576px) {
|
||||
h2 {
|
||||
font-size: 1.9rem;
|
||||
|
|
@ -24,6 +27,9 @@ h3 {
|
|||
h3 {
|
||||
font-size: 1.5rem;
|
||||
}
|
||||
h4 {
|
||||
font-size: 1.2rem;
|
||||
}
|
||||
}
|
||||
p {
|
||||
font-size: 1.1rem;
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue