[zeromq-dev] Question about CurveCP implementation in CZMQ

shancat shannenlaptop at gmail.com
Sat Oct 12 14:40:03 CEST 2013


I think padding is up to the user and I think those messages are used to
set up encryption. How do you encrypt the messages that are used to set up
encryption? Besides, I don't think they need to be encrypted anyway. Could
be wrong on those points but that's what I thought.
On Oct 12, 2013 11:35 PM, "T. Linden" <tlinden at cpan.org> wrote:

> Hi,
>
> while working with the curve encrypted feature of CZMQ I found that not
> everything is encrypted, see attached snoop (hex dump). ZMQ message
> headers are clear text like "MESSAGE", "HELLO", "READY" and so forth.
>
> Are there any plans to change this in the future, i.e. to encrypt them
> as well? And another thing occurred to me: the packets didn't seem to be
> padded. So, an attacker could see which packet has which purpose AND by
> looking at the packet size assume what kind of message might be in
> there.
>
> Yes, I admit this sounds somewhat paranoid :) But that's a virtue these
> days, isn't it?
>
>
>
>
> best regards,
> Tom
>
> --
>     PGP Key: https://www.daemon.de/txt/tom-pgp-pubkey.txt
> S/Mime Cert: https://www.daemon.de/txt/tom-smime-cert.pem
>  Bitmessage: BM-2DAcYUx3xByfwbx2bYYxeXgq3zDscez8wC
>