Nikolai Konovalov on Nostr: Current implementation of blinded id's in Session messenger are reversible, you can ...
The current implementation of blinded IDs in Session messenger is reversible: you can get the user ID from the blinded ID + server public key.
The picture is a simple algorithm for the vulnerability.
Published at 2024-10-27 18:42:29

Event JSON
{
"id": "9989e916f6db2f9e66ef5ede20750d7ce119263bd8670e960a60292b4e76f4bd",
"pubkey": "49e566a36555b6a66893e9ab3a58f4fca493b9f63b1d7515846a2e110b22c3c7",
"created_at": 1730054549,
"kind": 1,
"tags": [
[
"r",
"https://image.nostr.build/6155b50ea19b74711807d572a77c8e7444efa313980ada3266933463f5121233.jpg"
],
[
"imeta",
"url https://image.nostr.build/6155b50ea19b74711807d572a77c8e7444efa313980ada3266933463f5121233.jpg",
"m image/jpeg",
"alt Verifiable file url",
"x 194a851c68471b530ef062a4f2c97debda27be81085285160b2299685fb8ef90",
"size 15367",
"dim 670x216",
"blurhash QASY{qof?bay-;j[t7t7WBt7j[t7j[ofWBWBayWB~qj[IUofIUayfQWBt7",
"ox 6155b50ea19b74711807d572a77c8e7444efa313980ada3266933463f5121233"
]
],
"content": "Current implementation of blinded id's in Session messenger are reversible, you can get user id from blinded id + server public key.\n\nThe picture is simple algorithm for vulnerable https://image.nostr.build/6155b50ea19b74711807d572a77c8e7444efa313980ada3266933463f5121233.jpg",
"sig": "f5c5195db1493502c7938d5e5edcc92c81e2a35e6a3eafbdb65b0557806352be1c29d16f322deeb4c6b32bdfe791eb3be8dda279ef050b1c2c5295c15084f354"
}