On Sat, Apr 18, 2020 at 04:17:45AM +0200, Gero Treuner wrote:
> On Fri, Apr 17, 2020 at 07:59:01PM -0500, Derek Martin wrote:
> > On Fri, Apr 17, 2020 at 02:24:22PM -0400, Remco Rijnders wrote:
> > > The Message-ID that mutt generates is supposed to be unique. Up till now
> > > mutt would generate this ID based on the current date and time, followed by
[...]
> But if there are people who care ... why not.

Because those people don't know what they're talking about, and
humoring them helps no one.  Because it adds additional complexity to the
program for absolutely zero practical gain.  Because it would require
non-zero work from maintainers to review, apply, and commit the
change, for absolutely zero benefit.

> There is a little room for improvement.

Sorry, no, there just isn't.  You can use any scheme you like, but it
will not leak any less information THAT MATTERS than Mutt's current
one does, no matter what it is, because the amount of information that
Mutt's scheme leaks THAT MATTERS is zero.  I'll demonstrate...

> > None of the information you just listed is sensitive, and almost all
> > of it is already REQUIRED to be present in the message:
> > 
> >  - The "hostname" is usually the sender's domain, not their actual
> >    hostname
[...]
> I found that if I sent with From: of another domain that it didn't
> affect the MessageId, so indeed leaking some small part of information.

Sorry, you don't seem to understand how SMTP works.

Your message came from:

Received: from faun.innocircle.com (faun.innocircle.com [178.63.104.83])
        by hemlock.osuosl.org (Postfix) with ESMTPS id 677388828E
        for <[email protected]>; Sat, 18 Apr 2020 02:54:26 +0000 (UTC)
Received: from local by faun.innocircle.com (envelope-from 
        <[email protected]>)
        id 1jPd3B-0004ds-7z; Sat, 18 Apr 2020 04:17:45 +0200

I changed your e-mail address because while the above headers are not
normally available in mailing list archives' web interface (anymore),
and they also modify e-mail addresses in the envelope headers to help
keep spam away (although it's a very simple transformation which is
very easily undone), the message bodies are stored unmodified,
including any message headers that are in them.  Anyway...

These headers are added to your message by your machine, your SMTP
gateway, and every mail forwarder in between you and me.  So including
it in the message id is only leaking info that is, as I said,
REQUIRED, and therefore already present in the message.  I know not
only the date and time, your host name and IP address, time zone, MTA
software, but also the exact route your message took to get to me, and
with high probability the city you live in--or at least where your ISP
or employer does.  I won't post it here unless you want me to prove
that.

There ARE things you can do to obscure these headers...  None of these
are things which would be done by well-behaved legitimate mail
servers, nor are they things the average mail user, or the average
Mutt user--or even most exceptional mutt users--will do to prevent
their machine name and IP from being discovered.

> >  - the PID is the only thing that could possibly be vaguely useful
> >    to an attacker, but only if they're already able to get onto the
> >    user's system, in which case finding out the PID will be trivial
> >    anyway. POINTLESS.
> 
> With small probability it could indicate whether your system was
> recently started or Mutt is usually started right after system start.

It absolutely cannot.  PIDs are limited, and while modern systems
COULD use 64-bit PIDs, in practice on most systems you only get 32K of
them, and then they start wrapping around.  On a busy system, that's
not really a lot of PIDs.  Knowing the PID tells you ABSOLUTELY NOTHING.

But even if it did, it doesn't really present any sort of attack
vector, as I said, unless the attacker is already on the same
machine... and then it doesn't matter anyway.  And if it did somehow
matter, then every Unix system in existence would be vulnerable,
because you can find out PIDs with a simple command that anyone on the
machine can run.

> >  - From the sequential letter portion, you can only determine the
> >    modulo 26 of the number of messages sent, not the number of
> >    messages.  That's not useful information for anything, and I doubt
> >    the actual number of messages sent in a given mutt session reveals
> >    anything useful either, even if it were available--you still have
> >    no idea if the session has been running for 10 minutes or 10 years.
> >    MEANINGLESS.
> 
> With medium probability it could indicate whether it is among the first
> 26 messages of a session.

It absolutely cannot.  If you sent 1 message, the letter would be A.
If you sent 27 messages, the letter would be A.  131 messages, the
letter would be A.  677 messages, the letter would be A.  If you sent
17,577 messages, the letter would be A.  If you sent an infinite set of
other numbers of messages {n, n = 1 + any number evenly divisible by
26}, the letter would be A.  It tells you ABSOLUTELY NOTHING.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.
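
Added example, not part of the original message and not Mutt's own code: a Python check of which Message-ID fields also appear in a message's Received trace, and which message counts fit a given sequence letter. The Message-ID layout (UTC timestamp, "G", letter, PID, host) is an assumption modelled on the fields named in the thread, and the sample message is constructed.

```python
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: hosts, addresses, queue ids and the PID are made up.
SAMPLE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby lists.example.net (Postfix) with ESMTPS id 0123456789
\tfor <list@example.net>; Sat, 18 Apr 2020 02:54:26 +0000 (UTC)
Received: from local by mail.example.org (envelope-from <user@example.org>)
\tid 1abcDE-0001ab-2c; Sat, 18 Apr 2020 04:17:45 +0200
Message-ID: <20200418021745.GA4321@mail.example.org>
Subject: constructed test message

body
"""

# Assumed layout: <YYYYMMDDhhmmss.G{letter}{pid}@{host}>, timestamp in UTC.
MSGID_RE = re.compile(r"<(\d{14})\.G([A-Z])(\d+)@([^>]+)>")

def parse_msgid(value):
    m = MSGID_RE.fullmatch(value.strip())
    if not m:
        raise ValueError("Message-ID is not in the assumed layout")
    stamp, letter, pid, host = m.groups()
    when = datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return {"time": when, "letter": letter, "pid": int(pid), "host": host}

def received_facts(msg):
    """Collect host names and timestamps that the Received trace discloses."""
    hosts, times = set(), []
    for hdr in msg.get_all("Received", []):
        info, _, date = " ".join(hdr.split()).rpartition(";")  # unfold, split off date
        hosts.update(re.findall(r"\b(?:from|by)\s+([\w.-]+\.[a-z]{2,})", info))
        times.append(parsedate_to_datetime(re.sub(r"\([^)]*\)", "", date).strip()))
    return hosts, times

def overlap(raw):
    """Report which Message-ID fields the Received headers already carry."""
    msg = message_from_string(raw)
    mid = parse_msgid(msg["Message-ID"])
    hosts, times = received_facts(msg)
    first = ord(mid["letter"]) - ord("A") + 1
    return {
        "host_in_received": mid["host"] in hosts,
        "time_in_received": mid["time"] in times,   # compared as instants
        "only_in_msgid": ["letter", "pid"],
        # Letter wraps every 26 messages, so many session counts fit it.
        "session_counts": [first + 26 * k for k in range(4)],
    }
```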
