review comments

pull/977/head
Andrew Morgan 5 years ago
parent 36cb8ed894
commit 0444c8016b

@ -65,11 +65,7 @@ hashed). First the client must append the medium to the address:
```
Hashes must be peppered in order to reduce both the information an identity
server gains during the process, and attacks the client can perform. Clients
will have to generate a full rainbow table specific to the set pepper to
obtain all registered MXIDs, while the server has to generate a full rainbow
table with the specific pepper to get the plaintext 3pids for non-matrix
users.
server gains during the process, and attacks the client can perform. [0]
In order for clients to know the pepper and hashing algorithm they should use,
Identity servers must make the information available on the `/hash_details`
@ -87,13 +83,14 @@ GET /_matrix/identity/v2/hash_details
The name `lookup_pepper` was chosen in order to account for pepper values
being returned for other endpoints in the future. The contents of
`lookup_pepper` MUST match the regular expression `[a-zA-Z0-9]+` (unless no
hashing is being performed, as described below). If `lookup_pepper` is an
empty string, clients MUST cease the lookup operation.
hashing is being performed, as described below). If hashing is being
performed, and `lookup_pepper` is an empty string, clients MUST cease the
lookup operation.
```
The client should append the pepper to the end of the 3PID string before
hashing.
```
"alice@example.com email" -> "alice@example.com emailmatrixrocks"
"bob@example.com email" -> "bob@example.com emailmatrixrocks"
"carl@example.com email" -> "carl@example.com emailmatrixrocks"
@ -106,22 +103,26 @@ handle identity servers which may rotate their pepper values frequently.
Clients MUST choose one of the given hash algorithms to encrypt the 3PID
during lookup.
At a minimum, clients and identity servers MUST support SHA-256 as defined by
[RFC 4634](https://tools.ietf.org/html/rfc4634), identified by the
`algorithm` value `"sha256"`. SHA-256 was chosen as it is currently used
throughout the Matrix spec, as well as its properties of being quick to hash.
While this reduces the resources necessary to generate a rainbow table for
attackers, a fast hash is necessary if particularly slow mobile clients are
going to be hashing thousands of contact details. Other algorithms can be
negotiated by the client and server at their discretion.
Clients and identity servers MUST support SHA-256 as defined by [RFC
4634](https://tools.ietf.org/html/rfc4634), identified by the `algorithm`
value `"sha256"`. SHA-256 was chosen as it is currently used throughout the
Matrix spec, as well as its properties of being quick to hash. While this
reduces the resources necessary to generate a rainbow table for attackers, a
fast hash is necessary if particularly slow mobile clients are going to be
hashing thousands of contact details. Other algorithms can be negotiated by
the client and server at their discretion.
There are certain situations when an identity server cannot be expected to
compare hashed 3PID values; When a server is connected to a backend provider
such as LDAP, there is no way for the identity server to efficiently pull all
of the addresses and hash them. For this case, the `algorithm` field of `GET
/hash_details` may be set to `"m.none"`, and `lookup_pepper` will be an empty
string. No hashing will be performed if the client and server decide on this,
and 3PIDs will be sent in plain-text, similar to the v1 `/lookup` API.
compare hashed 3PID values; for example, when a server is connected to a
backend provider such as LDAP, there is no way for the identity server to
efficiently pull all of the addresses and hash them. For this case, clients
and server MUST also support sending plain-text 3PID values. To agree upon
this, the `algorithm` field of `GET /hash_details` MUST be set to `"m.none"`,
whereas `lookup_pepper` will be an empty string. No hashing will be performed
if the client and server decide on this, and 3PIDs will be sent in
plain-text, similar to the v1 `/lookup` API. When this occurs, it is STRONGLY
RECOMMENDED for the client to prompt the user before continuing, and receive
consent for sending 3PID details in plain-text to the identity server.
When performing a lookup, the pepper and hashing algorithm the client used
must be part of the request body (even when using the `"m.none"` algorithm
@ -277,3 +278,10 @@ This proposal outlines a simple method to stop bulk collection of user's
contact lists and their social graphs without any disastrous side effects. All
functionality which depends on the lookup service should continue to function
unhindered by the use of hashes.
## Footnotes
[0] Clients would have to generate a full rainbow table specific to the set
pepper to obtain all registered MXIDs, while the server would have to
generate a full rainbow table with the specific pepper to get the plaintext
3pids for non-matrix users.

Loading…
Cancel
Save