by sc00bz
4412 days ago

> Isn't this trivially possible in Cryptocat for anyone who controls the server?

Yes, this is a known bug since August 2013, when I found it and reported it. This was "patched" but if Mallory controls the server it is still possible. There were three ways to do this: block (which just doesn't send messages to blocked users), silent drop when invalid MAC, and silent drop when invalid tag. Block was turned into ignore and these three cases now display a warning message stating something about integrity. I seem to not be able to find me or anyone stating that "if Mallory controls the server it is still possible". So I guess it was only said in person. Technically it's known but not publicly known :).

P.S. This was a "clamp the artery until the mpOTR protocol is finished".