comment to explain replay attack better

This commit is contained in:
Bruno Windels 2021-03-01 22:28:19 +01:00
parent a33200d926
commit a536ea7742

View File

@ -47,6 +47,10 @@ export class DecryptionChanges {
}; };
} }
// need to handle replay attack because
// if we redecrypted the same message twice and showed it again
// then it could be a malicious server admin replaying the word “yes”
// to make you respond to a msg you didnt say “yes” to, or something
async _handleReplayAttack(roomId, replayEntry, txn) { async _handleReplayAttack(roomId, replayEntry, txn) {
const {messageIndex, sessionId, eventId, timestamp} = replayEntry; const {messageIndex, sessionId, eventId, timestamp} = replayEntry;
const decryption = await txn.groupSessionDecryptions.get(roomId, sessionId, messageIndex); const decryption = await txn.groupSessionDecryptions.get(roomId, sessionId, messageIndex);