On 2020-04-20 19:57:23 +0200, Gero Treuner wrote:
> This is necessary to stay on the deterministic track: For this we
> require that different Mutt instances use information which differs by
> the pid and time/sequence number at some point, which is the data fed to
> the hash algorithm.

OK, that would be sufficient. But there is no need to be deterministic.
You should also add some noise (random data) to be fed to the hash
algorithm in order to limit the possibility of guessing the Message-Id.

Imagine a system that sends a public message every day at the same time.
Thus the time is known to the public and the sequence number is too (it
is always 1 in this case). On a machine with a 15-bit PID, an attacker
can retrieve it by an exhaustive search (32768 possibilities). Then
perhaps the PID of the next message can be guessed, or its range remains
small. In such a case, an attacker can send a few messages using the
possible PIDs before the real message is sent. And the real message
could be discarded by some systems as a consequence.

> If we don't want to be deterministic, then I don't see a major advantage
> of hash functions compared to random data.

In this case you need to make sure that such random data cannot be
guessed. This may be difficult without using entropy. Using entropy each
time Mutt is started would not be a good idea, in case a system would
run Mutt several times a second to send mail (e.g. personalized mail to
its users).

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
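The two schemes under discussion, written out as an added example (this is not Mutt's code and not code from either poster): a Message-Id hashed only from pid, time and sequence number, next to the same hash with a secret random salt mixed in. The salt is drawn from the OS CSPRNG once per process rather than per message, which is the compromise the reply is pointing at. `guess_space` just sizes the candidate set an outsider faces when time and sequence number are public, reproducing the 32768 figure for a 15-bit PID. The hostname, the salt length and the SHA-256/truncation choice are assumptions of this example, not anything the thread specifies.

```python
"""Message-Id generation: deterministic hash input vs. hash input with random noise."""
import hashlib
import os
import re
import secrets
import time

# Constructed placeholder for the sender's host part; not taken from the thread.
HOST = "mail.example.invalid"

# Simplified RFC 5322 msg-id shape: "<" id-left "@" id-right ">" (no comments/folding).
_MSGID_RE = re.compile(r"^<[A-Za-z0-9._-]+@[A-Za-z0-9.-]+>$")


def _finish(material: bytes, host: str) -> str:
    """Hash the material and wrap a truncated hex digest as a Message-Id."""
    digest = hashlib.sha256(material).hexdigest()[:32]
    return f"<{digest}@{host}>"


def deterministic_msgid(pid: int, when: int, seq: int, host: str = HOST) -> str:
    """Id from pid, time and sequence number only (the scheme the thread debates).
    Identical inputs give an identical id, so when time and seq are public the
    only unknown is the pid."""
    return _finish(f"{pid}.{when}.{seq}".encode(), host)


def new_process_salt() -> bytes:
    """One CSPRNG read per process; every message sent by this process reuses it."""
    return secrets.token_bytes(16)


def salted_msgid(pid: int, when: int, seq: int, salt: bytes, host: str = HOST) -> str:
    """Same inputs as the deterministic variant plus a secret per-process salt.
    The salt is never sent, so knowing pid, time and seq no longer lets an
    outsider reconstruct the id."""
    if len(salt) < 16:
        raise ValueError("salt must be at least 128 bits")
    return _finish(salt + b"|" + f"{pid}.{when}.{seq}".encode(), host)


def guess_space(pid_bits: int, salt_bytes: int) -> int:
    """Candidate ids an outsider must enumerate when time and seq are known:
    2**pid_bits with no salt (32768 for a 15-bit pid, as in the thread),
    times 2**(8*salt_bytes) once a secret salt is hashed in."""
    return (1 << pid_bits) * (1 << (8 * salt_bytes))


def is_msgid(candidate: str) -> bool:
    """Cheap syntactic check that a generated string has Message-Id shape."""
    return bool(_MSGID_RE.match(candidate))


if __name__ == "__main__":
    salt = new_process_salt()      # read once at startup
    now = int(time.time())
    for seq in (1, 2):             # two messages from the same process
        print("deterministic:", deterministic_msgid(os.getpid(), now, seq))
        print("salted:       ", salted_msgid(os.getpid(), now, seq, salt))
    print("guess space, 15-bit pid, no salt:   ", guess_space(15, 0))
    print("guess space, 15-bit pid, 16-B salt: ", guess_space(15, 16))
```

Running it twice shows the deterministic ids repeat whenever pid, time and sequence number repeat, while the salted ids differ between runs even for identical inputs; within one run the sequence number still keeps consecutive ids distinct, so no per-message entropy read is needed.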