hi enigmail folks--

package/mimeEncrypt.js contains two hardcoded references to "enig2" that
are used to create the MIME boundaries when using PGP/MIME.

In many circumstances it is not a problem to leak the information that
the mail sender is using enigmail specifically, but there are some users
and some use cases where the user does not want to reveal their choice
of software.

See, for example, Tor's documentation about thunderbird and enigmail:

 
https://trac.torproject.org/projects/tor/raw-attachment/wiki/doc/TorifyHOWTO/EMail/Thunderbird/Thunderbird%2BTor.pdf

Is there a reason to use the "enig2" prefix in package/mimeEncrypt.js at
all?  Would it be possible to simply remove it (and maybe extend the
size of the string returned by createBoundary())?  The attached patch
implements the suggestion.

Alternately, if a fixed prefix is necessary for the boundary (i don't
know why that would be), maybe we could move that fixed prefix into an
enigmail preference, so that users could override it if they needed?

        --dkg
diff --git a/package/mimeEncrypt.js b/package/mimeEncrypt.js
index 9697a25..22e7259 100644
--- a/package/mimeEncrypt.js
+++ b/package/mimeEncrypt.js
@@ -183,7 +183,7 @@ PgpMimeEncrypt.prototype = {
                       errorMsgObj);
       if (! this.proc) throw Cr.NS_ERROR_FAILURE;
 
-      this.cryptoBoundary = "----enig2"+this.createBoundary();
+      this.cryptoBoundary = "----"+this.createBoundary();
       this.startCryptoHeaders();
 
     }
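Review bot: After `this.cryptoBoundary = "----"+this.createBoundary();` the outer boundary no longer names the product, but its shape (four dashes followed by a fixed count of uppercase letters) may still set these messages apart from the boundaries the host mail client generates for its own multipart mail. This boundary is presumably emitted by `startCryptoHeaders()` in the unencrypted outer headers, so if the goal is to avoid revealing the software it would be safer to match the client's native boundary format than to invent a second one. A comment such as `// boundary is visible in cleartext headers: keep it free of product-identifying text or structure` would record the intent. The same consideration applies to `this.encapsulate` in the second hunk, although that boundary appears to be written into the part that gets encrypted. The enclosing method starts outside this hunk.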
@@ -307,7 +307,7 @@ PgpMimeEncrypt.prototype = {
           if (this.cryptoMode == MIME_ENCRYPTED) {
             let ct = this.getHeader("content-type", false);
             if ((ct.search(/text\/plain/i) == 0) || (ct.search(/text\/html/i) == 0)) {
-              this.encapsulate = "enig2"+this.createBoundary();
+              this.encapsulate = this.createBoundary();
               this.writeToPipe('Content-Type: multipart/mixed; boundary="'+
                 this.encapsulate+'"\r\n\r\n');
               this.writeToPipe("--"+this.encapsulate+"\r\n");
@@ -426,7 +426,7 @@ PgpMimeEncrypt.prototype = {
 
   createBoundary: function() {
     var b = "";
-    for (let i=0; i<20; i++) {
+    for (let i=0; i<25; i++) {
       b += String.fromCharCode(65 + Math.floor(Math.random() * 24));
     }
     return b;
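Review bot: `Math.floor(Math.random() * 24)` only yields offsets 0–23, so the boundary is built from the letters A–X and never contains Y or Z. With the `enig2` prefix gone, that restricted alphabet is itself a recognisable trait, and 26 looks like the intended value: `b += String.fromCharCode(65 + Math.floor(Math.random() * 26));`. `Math.random()` is also not a cryptographic generator while the outer boundary derived from it is sent in the clear, so a source such as `crypto.getRandomValues` would be preferable if one is reachable from this component (not visible here). A short comment on `createBoundary` stating the length and alphabet and why they were chosen would help future changes keep the boundary non-identifying. The function's closing lines are outside the hunk.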

Attachment: signature.asc
Description: OpenPGP digital signature
