UID for Cursor on Target output is not unique (hostname is always 'localhost', no entropy!)

Theta-Limited / ThetaTools

Various tools and documentation created and/or used by Theta.

Creative Commons Zero v1.0 Universal

0 stars 0 forks source link

UID for Cursor on Target output is not unique (hostname is always 'localhost', no entropy!) #2

Open mkrupczak3 opened 4 months ago

mkrupczak3 commented 4 months ago

A bug in how the hostname is hashed for creating a 'unique id' causes the hash to be uniform across all Android devices, which can result in message collisions:

https://github.com/Theta-Limited/OpenAthenaAndroid/blob/4da9215453ae321c2a38ba14f03a85be4013bd94/app/src/main/java/com/openathena/CursorOnTargetSender.java#L197

The hostname is always 'localhost' :(

See this issue in OpenAthena Android: https://github.com/Theta-Limited/OpenAthenaAndroid/issues/146

mkrupczak3 commented 4 months ago

Seeing reports that this is mostly applicable to Android only, and that pure Java clients running this code report their hostname correctly.

Think the CoT UID format should be revised though to make it easier to read verbally. See the following link for how this was accomplished in OpenAthena for Android: https://github.com/Theta-Limited/OpenAthenaAndroid/issues/141