Feature Request: Use hash of URL as filename #41

Open
Andy-2639 opened this issue Apr 7, 2024 · 0 comments

Sadly, OMEMO doesn't hide the filename from the server, even though this metadata can already contain sensitive information.

The URL contains a random value to prevent listing existing files via brute force, so it has high entropy.
Every request for the file via an XMPP client is done via the URL. So, instead of storing the file in the filesystem by its name, a hash of the URL can be used as the name. This prevents the admin (or attackers getting read access to the filesystem) from getting potentially sensitive metadata.
As the encoding for the hash, I propose base32(hex) without padding to keep it short and safe even for systems with case-insensitive filesystems.

Instead of the full URL, only the path or even just the path info (see PATH_INFO at https://www.php.net/reserved.variables.server) could be used.

This could even be extended to use HKDF to derive 2 keys: one for obfuscating the filename and a second one to encrypt the content of the file - in case the uploader didn't use something like OMEMO.

It would be best if OMEMO not only encrypted the file's content but also hid the file name and the content type. But as that's not the case, this can add an additional layer of protection. It cannot, however, protect against malicious admins, as the admin could (a) read the process memory at the time of a file up-/download or (b) just disable it or use different software.
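
The scheme proposed in this issue, sketched in PHP as an added example (not code from the project or from the issue author): HKDF over the path info yields one value used as the base32hex storage name and a second used as the content key. Assumes PHP 8 with the openssl extension; the function names, HKDF info labels, AES-256-GCM and the on-disk layout are illustrative assumptions, and the sample path is constructed.

```php
<?php
// Added example, not project code; function names and HKDF labels are hypothetical.
// base32hex (RFC 4648 alphabet, lowercased) without "=" padding.
function base32hex_nopad(string $bytes): string {
    $bits = '';
    foreach (str_split($bytes) as $c) {
        $bits .= str_pad(decbin(ord($c)), 8, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 5) as $chunk) { // last chunk is right-padded with zero bits
        $out .= '0123456789abcdefghijklmnopqrstuv'[bindec(str_pad($chunk, 5, '0'))];
    }
    return $out;
}

// HKDF over the high-entropy path info; distinct info labels give independent outputs.
function derive_storage_keys(string $pathInfo): array {
    $name = hash_hkdf('sha256', $pathInfo, 32, 'storage-name-v1');
    $key = hash_hkdf('sha256', $pathInfo, 32, 'content-key-v1');
    return [base32hex_nopad($name), $key];
}

function store_upload(string $dir, string $pathInfo, string $plaintext): string {
    [$name, $key] = derive_storage_keys($pathInfo);
    $iv = random_bytes(12);
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    file_put_contents("$dir/$name", $iv . $tag . $ct); // iv(12) | tag(16) | ciphertext
    return $name;
}

function load_upload(string $dir, string $pathInfo): ?string {
    [$name, $key] = derive_storage_keys($pathInfo);
    $blob = is_file("$dir/$name") ? (string) file_get_contents("$dir/$name") : '';
    if (strlen($blob) < 28) {
        return null; // no such file, or too short to hold iv and tag
    }
    $pt = openssl_decrypt(substr($blob, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($blob, 0, 12), substr($blob, 12, 16));
    return $pt === false ? null : $pt; // false means the GCM tag did not verify
}

// Constructed sample: random token plus a revealing original filename.
$pathInfo = '/' . bin2hex(random_bytes(16)) . '/payslip-2024-03.pdf';
$dir = sys_get_temp_dir() . '/upload-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
var_dump(store_upload($dir, $pathInfo, 'constructed file body'),
    load_upload($dir, $pathInfo), load_upload($dir, '/wrong/path'));
```

Anything that records request URLs, such as web-server access logs, is enough to recompute both the storage name and the content key, so those logs need the same protection as the stored files.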
