As Pieter and I said, just add padding but I think in the spec (CurveZMQ or CurveCP) it's suggested to also send garbage data when you're not sending real data. To make traffic analysis harder.

On Oct 13, 2013 3:07 AM, "Pieter Hintjens" <[email protected]> wrote:
> Indeed, these messages are used for the handshake and there is no
> benefit to an attacker to see the handshake happening. You can in any
> case see it by observing the to and fro messages from client to server
> if you know the protocol. Also, how would you decrypt if you don't
> know the command you're receiving?
>
> As for padding, you can of course do this, and it's one of the
> suggestions in the CurveZMQ spec. It's not an RFC issue. Just add
> dummy frames to your ZMQ messages.
>
> -Pieter
>
> On Sat, Oct 12, 2013 at 2:40 PM, shancat <[email protected]> wrote:
> > I think padding is up to the user and I think those messages are used to
> > set up encryption. How do you encrypt the messages that are used to set up
> > encryption? Besides I don't think they need to be encrypted anyway. Could be
> > wrong on those points but that's what I thought.
> >
> > On Oct 12, 2013 11:35 PM, "T. Linden" <[email protected]> wrote:
> >>
> >> Hi,
> >>
> >> while working with the curve encrypted feature of CZMQ I found that not
> >> everything is encrypted, see attached snoop (hex dump). ZMQ message
> >> headers are clear text like "MESSAGE", "HELLO", "READY" and so forth.
> >>
> >> Are there any plans to change this in the future, i.e. to encrypt them
> >> as well? And another thing occurred to me: the packets didn't seem to be
> >> padded. So, an attacker could see, which packet has which purpose AND by
> >> looking at the packet size assume what kind of message might be in
> >> there.
> >>
> >> Yes, I admit this sounds somewhat paranoid :) But that's a virtue these
> >> days, isn't it?
> >>
> >> best regards,
> >> Tom
> >>
> >> --
> >> PGP Key: https://www.daemon.de/txt/tom-pgp-pubkey.txt
> >> S/Mime Cert: https://www.daemon.de/txt/tom-smime-cert.pem
> >> Bitmessage: BM-2DAcYUx3xByfwbx2bYYxeXgq3zDscez8wC
> >>
> >> _______________________________________________
> >> zeromq-dev mailing list
> >> [email protected]
> >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
> --
> Pieter Hintjens
> CEO of iMatix.com
> Founder of ZeroMQ community
> blog: http://hintjens.com
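The two suggestions in this thread (dummy frames as padding, and garbage messages when idle) can be combined as below. This is an added example, not part of the original messages and not code from the ZeroMQ project; the function names, the `BUCKET` value and the convention that the last frame is always padding are assumptions of the example.

```python
# Added example: size-bucket padding with a trailing dummy frame.
# Assumed convention (not from the CurveZMQ spec): the LAST frame of every
# message is padding, and a message holding only padding is cover traffic.

BUCKET = 256  # constructed value; pick one that suits your message sizes


def pad_message(frames, bucket=BUCKET):
    """Return frames plus one dummy frame so that the frame bodies total
    a whole number of buckets (at least one bucket)."""
    total = sum(len(f) for f in frames)
    buckets = max(1, -(-total // bucket))      # ceiling division, minimum 1
    padding = bytes(buckets * bucket - total)  # zero bytes; encrypted in transit
    return list(frames) + [padding]


def cover_message(bucket=BUCKET):
    """A message with no real frames, sent when there is nothing to say."""
    return pad_message([], bucket)


def unpad_message(frames):
    """Drop the trailing dummy frame; an empty result means cover traffic."""
    if not frames:
        raise ValueError("message has no padding frame")
    return list(frames[:-1])


def observed_size(frames):
    """What a size-based observer learns: the sum of the frame bodies.
    Per-frame transport overhead is not modelled here."""
    return sum(len(f) for f in frames)


if __name__ == "__main__":
    login = [b"LOGIN", b"alice"]        # constructed sample messages
    order = [b"ORDER", b"x" * 120]
    for msg in (login, order, []):
        padded = pad_message(msg)
        print(observed_size(padded), unpad_message(padded))
```

The padded list is an ordinary multipart message, so with pyzmq it can be passed to `send_multipart` and the peer calls `unpad_message` on what `recv_multipart` returns.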
