On 2020-04-20 21:49:11 +0100, Ian Collier wrote: > On Mon, Apr 20, 2020 at 07:08:07PM +0200, Gero Treuner wrote: > > The concern is that the inputs based on local and/or private information > > can be leaked. To achieve this the search space must be big enough. > [heavily snipped, of course] > > We need data which is unrelated to the email but - to be deterministic > > with regard to other Mutt instances - is equal to all Mutt instances on > > the same machine > > I am -0 on this whole thing. I don't consider the PID to be a meaningful > "leak" and nor am I that concerned about revealing the number of messages > I've sent (modulo 26) in this mutt session.
BTW, if this number of messages is a problem, a simple change is possible: reset it each time the timestamp changes. Thus in practice one would always get "GA". > I think the duplicate-messageid attack is theoretical only and would > never occur in practice. Well, I think that this should be considered only if the algorithm is changed completely. > However... > > As Arnt has implied, the current method of generating the Message-ID > does not *guarantee* uniqueness; merely makes it highly improbable to > be non-unique. The thing is that we are not just concerned with other > instances of mutt on this host, but with other instances of mutt that > have the same "hostname" setting. This is a user-side problem. Users should make sure that their hostname setting is unique (possibly with a very high probability, assuming no attacks). See below. > Derek has already mentioned that some people set this to their mail > domain rather than the name of the specific host it's running on. It is not forbidden to add a "non-existing" host part there, before the domain. This can be reused by every software on the machine. This is the idea behind the unique FQDN. Note that since this is done once and for all, you can take much time deciding what this hostname is. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
