I have read the documentation, but i still don’t understand how simpleX know that the messages are delivered to the right person if it doesn’t use ID’s. Could someone explain it schematically ?

Thanks

  • rrobin@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    3 days ago

    Not sure which docs you are looking at, but my preferred description for this part is SMP

    The previous message already pointed out the main point - communication happens via queues our clients knows to belong to the destination, and these queues are temporary. This means even if an attacker determines the queue belongs to a specific person it can be changed and even then it does not reveal who is the other contact using the queue.

    A few more bits to consider:

    1. queues are unidirectional (so you need at least 2 for a contact) and you only create the ones you use to receive messages
    2. the server holds two identifiers for a queue - one for the sender one for the receiver
    3. the queue also has two keys - which allow the server to recognize the sender and receiver respectively i.e. only the sender can send and only the receiver can collect msgs (SMP server should reject otherwise)
    4. all the keys/ids i mentioned so far a created anew per queue
    5. finally the messages that are placed in the queue are encrypted between sender and receiver (DH) but is beyond SMP

    So there are IDs but hopefully they are not useful for an attacker.

    Now to answer your question. There are IDs but for a message to be delivered to the wrong person the following would need to happen

    1. you would have to send it to a server with the wrong ID and encrypted with wrong key
    2. the SMP server would need to allow this by decrypting it with the wrong key too (unlikely but not impossible I think - if we assume some magic to break point 3. from before)
    3. the message would then be picked up by the receiver (which would try to decrypt it but it would fail)

    Caveats - the client app must be well implemented and NEVER reuse keys. Likewise the server must not reuse queue IDs.

    I think I got my assumptions right. When in doubt check the 2nd link for a long step by step description of the protocol