On Mon, Apr 20, 2020 at 11:35:08AM +0200, Matthias Andree wrote:
> > If there were a *real* threat model, Derek and I would take this more
> > seriously. But I'm not going to backtrack on the generator determinism
> > just to satisfy vague "security" threats.
>
> There is a possibility that if mail-to-news gateways are involved, then
> a prediction of Message-ID generation can be abused to collide
> Message-IDs and hence suppress messages sent by the victim from
> appearing on Usenet. That works by the attacker posting some noise
> messages with predicted Message-IDs to some random newsgroup, and the
> victim's messages then get rejected by duplicate elimination (i.e. news
> servers won't accept a message with a Message-ID they've already seen
> elsewhere), and can only be found out systematically if the victim
> regularly inquires his part of Usenet somehow to see if under his
> Message-ID there are his own posts and not colliders. A random part in
> the Message-ID would considerably reduce this attack surface.

Okay, that's a good point too, that I hadn't considered.

My time is a bit limited to continue on this right now. But later, I
would appreciate others' opinions about randomizing versus hashing.
-- 
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
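A Message-ID generator with the random component Matthias suggests, shown as an added example that is not mutt's code and not code from this thread; the domain and the fixed timestamp are constructed values, and the syntax check is the kind a gateway could apply before forwarding.

```python
import re
import secrets
import time
from typing import Optional

# Added example, not mutt's implementation: id-left = <unix-time>.<random>,
# id-right = the sending host's domain. RFC 5322 msg-id is
# "<" dot-atom-text "@" dot-atom-text ">", so only atext characters are used.
_MSGID_RE = re.compile(
    r"^<([A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]+)@([A-Za-z0-9.-]+)>$"
)

RANDOM_BYTES = 16  # 128 random bits: the next ID cannot be guessed


def make_message_id(domain: str, now: Optional[float] = None) -> str:
    """Build a Message-ID whose local part is not predictable.

    The timestamp only keeps IDs readable and roughly sortable; the
    secrets-derived token is what stops a third party from generating
    the same ID ahead of the real sender.
    """
    ts = int(time.time() if now is None else now)
    # url-safe base64 uses A-Z a-z 0-9 '-' '_', all of which are atext.
    token = secrets.token_urlsafe(RANDOM_BYTES)
    return f"<{ts}.{token}@{domain}>"


def _dot_atom_ok(text: str) -> bool:
    # dot-atom-text forbids empty labels: no leading, trailing or double dots.
    return all(part for part in text.split("."))


def is_valid_message_id(mid: str) -> bool:
    """Return True if mid is a syntactically valid RFC 5322 msg-id."""
    m = _MSGID_RE.match(mid)
    if m is None:
        return False
    left, right = m.group(1), m.group(2)
    return _dot_atom_ok(left) and _dot_atom_ok(right)


if __name__ == "__main__":
    # Constructed domain; two IDs built in the same second still differ.
    print(make_message_id("example.org", now=1587375308))
    print(make_message_id("example.org", now=1587375308))
```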