I think padding is up to the user and I think those messages are used to setup encryption. How do you encrypt the messages that are used to setup encryption? Besides I don't think they need to be encrypted anyway. Could be wrong on those points but that's what I thought. On Oct 12, 2013 11:35 PM, "T. Linden" <[email protected]> wrote:
> Hi, > > while working with the curve encrypted feature of CZMQ I found that not > everything is encrypted, see attached snoop (hex dump). ZMQ message > headers are clear text like "MESSAGE", "HELLO", "READY" and so forth. > > Are there any plans to change this in the future, i.e. to encrypt them > as well? And another thing ocurred to me: the packets didn't seem to be > padded. So, an attacker could see, which packet has which purpose AND by > looking at the packet size assume what kind of message might be in > there. > > Yes, I admit this sounds somewhat paranoid :) But that's a virtue these > days, isn't it? > > > > > best regards, > Tom > > -- > PGP Key: https://www.daemon.de/txt/tom-pgp-pubkey.txt > S/Mime Cert: https://www.daemon.de/txt/tom-smime-cert.pem > Bitmessage: BM-2DAcYUx3xByfwbx2bYYxeXgq3zDscez8wC > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > >
_______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
