Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

different devices with the same curve25519 key confuse the olm layer #1143

Open
richvdh opened this issue Feb 15, 2017 · 4 comments
Open

different devices with the same curve25519 key confuse the olm layer #1143

richvdh opened this issue Feb 15, 2017 · 4 comments
Labels
A-E2EE P2 S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect

Comments

@richvdh
Copy link
Member

richvdh commented Feb 15, 2017

We assume that no two devices will ever share a curve25519 key, which means that we will use the same OlmSession for two devices if they do, leading to mysterious failiures to decrypt. We can do better than this
@richvdh richvdh added the A-E2EE label Feb 15, 2017
@richvdh richvdh mentioned this issue Feb 15, 2017
Closed
25 tasks
@ara4n
Copy link
Member

ara4n commented Feb 17, 2017

presumably this is quite likely if people clone their devices by restoring from backup etc?

@ara4n ara4n added T-Defect S-Major Severely degrades major functionality or product features, with no satisfactory workaround P2 labels Feb 17, 2017
@richvdh
Copy link
Member Author

richvdh commented Mar 2, 2017

if you restore from backup, you'll probably end up with the same deviceid.

It hits people who use the js-sdk with node-localstorage, because the js-sdk persists the olm keys to localstorage, but not the device id/accesstoken/etc; so you end up reusing the old keys with a new deviceid.

@ara4n
Copy link
Member

ara4n commented May 4, 2017

from a riot perspective this really isn't that urgent, given we don't use node-localstorage.

@ara4n ara4n mentioned this issue May 16, 2017
Closed
@go2null
Copy link

go2null commented Jan 9, 2018

Another use case where this occurs - overwrite an F-Droid installation with a Playstore install.
(I know, I know, this is really out there, but just wanted to expand the problem domain.)

@t3chguy t3chguy transferred this issue from element-hq/element-web Mar 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-E2EE P2 S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@go2null @ara4n @richvdh