ylecollen
commented
7 years ago I suspect that the first message has been resent after connection lost.
Open richvdh opened 7 years ago
ylecollen
commented
7 years ago I suspect that the first message has been resent after connection lost.
richvdh
commented
7 years ago but they are clearly different messages.
ylecollen
commented
7 years ago The only steps i can see -> Bob sends a message but it has been encrypted but it cannot be sent -> the application is killed (by the user or by the system) -> the dedicated OlmOutboundGroupSession backup failed (Or the the olm libs object). -> Bob restarts the application the former OlmOutboundGroupSession is restored -> bob resends the first message (already encrypted with index 0) and sends a new one (encrypted with index 0)
As reported at https://github.com/matrix-org/synapse/issues/1669:
It looks like $14808717113401196FlzLb:matrix.org and $14808726053404510BqAmd:matrix.org were both sent using message index 0, from the same megolm session. The messages are otherwise different, so it's not a duplication within the network (or an actual replay attack).
@ylecollen: any idea how this might have happened?