Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unencrypted parts of message are added to encrypted part #62

Open
fx5 opened this issue Jun 15, 2015 · 0 comments
Open

Unencrypted parts of message are added to encrypted part #62

fx5 opened this issue Jun 15, 2015 · 0 comments
Assignees
@lkiesow

Comments

@fx5
Copy link

fx5 commented Jun 15, 2015

pre can contain parts of an unencrypted message here: https://github.com/IRCrypt/ircrypt-weechat/blob/master/ircrypt.py#L264

An attacker without access to the password can use this to create messages that look like they were encrypted by someone with access to the password.

My message here >CRY-0 some_replayed_message
@lkiesow lkiesow self-assigned this Jun 16, 2015
lkiesow added a commit that referenced this issue Jun 16, 2015
@lkiesow
Fixed #62, Misuse of encryption marker
d85ff03 
Messages are not split properly so that the first part can contain parts
of an unencrypted message.

An attacker without access to the password can use this to create
messages that look like they were encrypted by someone with access to
the password.

Example:

    My message here >CRY-0 some_replayed_message

This commit fixes this problem by ensuring the encryption marker is
placed at the beginning of the message.

Signed-off-by: Lars Kiesow <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lkiesow lkiesow

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fx5 @lkiesow