Closed ktraister closed 9 months ago
Init message with kyber tunneling is now working. Next, I'll have to work on the receiver and the rest of the messages.
Kyber tunnels now established between exchange and client, but this change means we're no longer shipping JSON. We need to format the JSON before encryption and send on the exchange side.
    message := &Message{Type: "startup", User: user, Msg: localPubKeyStr}
    b, err := json.Marshal(message)
    if err != nil {
        logger.Error(err)
        continue
    }
Need to update configs and add intake through env variables for exchange keys. Also set up client to establish tunnel with random Kyber key. Prod should start with 6 available pubkeys (recycle one per month).
Aight, review tomorrow and close. This should be all set.
Tested and working in prod after merging both PRs. All set!
If TLS was cracked by a MITM attack, the pubkey could be MITM'd -- replaced mid-messaging to get access to the message, then re-encrypting with the pubkey. This is a modern MITM attack that could be used to crack Kyber encryption.
To solve: Add long-lived Kyber key from messenger to exchange -- prevents MITM and impersonation for short-lived individual transaction keys
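An added example, not code from this issue or the project: a client-side pin check in Go for the fix described above, treating the exchange's long-lived Kyber public keys as opaque bytes loaded from configuration. The function names, the comma-separated base64 format and the sample keys are assumptions constructed for illustration; no KEM library is called.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"math/big"
	"strings"
)

// parsePinnedKeys decodes a comma-separated base64 list of long-lived exchange keys (assumed format).
func parsePinnedKeys(env string) ([][]byte, error) {
	var keys [][]byte
	for _, f := range strings.Split(env, ",") {
		k, err := base64.StdEncoding.DecodeString(strings.TrimSpace(f))
		if err != nil || len(k) == 0 {
			return nil, fmt.Errorf("bad pinned key %q", f)
		}
		keys = append(keys, k)
	}
	return keys, nil
}
// pickKey chooses one pinned key uniformly at random with crypto/rand.
func pickKey(keys [][]byte) ([]byte, error) {
	if len(keys) == 0 {
		return nil, fmt.Errorf("no pinned keys configured")
	}
	n, err := rand.Int(rand.Reader, big.NewInt(int64(len(keys))))
	if err != nil {
		return nil, err
	}
	return keys[n.Int64()], nil
}
// isPinned reports whether a key offered on the wire is pinned; a key swapped in transit is not.
func isPinned(keys [][]byte, offered []byte) bool {
	for _, k := range keys {
		if bytes.Equal(k, offered) {
			return true
		}
	}
	return false
}
func main() {
	// Constructed stand-ins ("key1", "key2") for real Kyber public keys.
	keys, _ := parsePinnedKeys("a2V5MQ==,a2V5Mg==")
	k, _ := pickKey(keys)
	fmt.Println(isPinned(keys, k), isPinned(keys, []byte("swapped-key")))
}
```

Because the client only ever encapsulates to a key it already holds, a public key substituted on the wire never becomes the tunnel key.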