On 20.04.20 at 15:51, Kevin J. McCarthy wrote:
> On Mon, Apr 20, 2020 at 11:35:08AM +0200, Matthias Andree wrote:
>>> If there were a *real* threat model, Derek and I would take this more
>>> seriously.  But I'm not going to backtrack on the generator
>>> determinism just to satisfy vague "security" threats.
>>>
>> There is a possibility that, if mail-to-news gateways are involved, a
>> prediction of Message-ID generation can be abused to collide
>> Message-IDs and hence suppress messages sent by the victim from
>> appearing on Usenet. That works by the attacker posting some noise
>> messages with predicted Message-IDs to some random newsgroup, and the
>> victim's messages then get rejected by duplicate elimination (i.e. news
>> servers won't accept a message with a Message-ID they've already seen
>> elsewhere), and can only be found out systematically if the victim
>> regularly inquires his part of Usenet somehow to see if under his
>> Message-ID there are his own posts and not colliders.
>>
>> A random part in the Message-ID would considerably reduce this attack
>> surface.
>
> Okay, that's a good point too, that I hadn't considered.
>
> My time is a bit limited to continue on this right now.  But later, I
> would appreciate others' opinions about randomizing versus hashing

I concur with Remco's concerns of not giving away information that, by
itself, is useless, but after aggregation and big data, can give away
the user's privacy (through scale effects).

Other than that, whatever makes prediction hard should fix the immediate
scenario. A strong hash or randomly generated UUID does not really 100%
prevent my attack scenario, but if we were using, say, RIPEMD160, SHA256
or other, then I think we're safe for now.

WRT UUID/GUID or fully random mentioned elsewhere, the birthday
"paradox" or attack needs to be taken into account, and I am not
sufficiently into cryptography to assess whether hashing will suffice to
steer clear of such attack vectors (but then again, my proposal doesn't
do that any better out of itself), and the addition of a domain or
hostname doesn't raise security because it's trivial to forge in a
malicious attack.
