From a536ea7742af287cae7e5779262351ead831b824 Mon Sep 17 00:00:00 2001
From: Bruno Windels
Date: Mon, 1 Mar 2021 22:28:19 +0100
Subject: [PATCH] comment to explain replay attack better
---
 src/matrix/e2ee/megolm/decryption/DecryptionChanges.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/matrix/e2ee/megolm/decryption/DecryptionChanges.js b/src/matrix/e2ee/megolm/decryption/DecryptionChanges.js
index 10a2da87..b45ab6dd 100644
--- a/src/matrix/e2ee/megolm/decryption/DecryptionChanges.js
+++ b/src/matrix/e2ee/megolm/decryption/DecryptionChanges.js
@@ -47,6 +47,10 @@ export class DecryptionChanges {
 };
 }
+ // need to handle replay attack because
+ // if we redecrypted the same message twice and showed it again
+ // then it could be a malicious server admin replaying the word “yes”
+ // to make you respond to a msg you didn’t say “yes” to, or something
 async _handleReplayAttack(roomId, replayEntry, txn) {
 const {messageIndex, sessionId, eventId, timestamp} = replayEntry;
 const decryption = await txn.groupSessionDecryptions.get(roomId, sessionId, messageIndex);
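Review bot: The comment added above `_handleReplayAttack` gives the motive but not the rule being enforced, and "redecrypted the same message twice" reads as if any second decryption of an event were an attack. Judging from the lookup by `roomId, sessionId, messageIndex` and the destructured `eventId` and `timestamp`, the invariant appears to be that one message index in a session belongs to exactly one event. I would state that directly, e.g. `// a (sessionId, messageIndex) pair may only ever decrypt for one eventId/timestamp; the same ciphertext arriving under a different event is a replay`, and drop the trailing "or something". The function body continues outside the hunk, so the actual comparison is not visible here and the wording should be checked against it.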