feat(security): add timing attack prevention and content validation

teycir · teycir · commit 886e7e8b225c · 2025-12-22T18:20:51.000+01:00
Implement random jitter in seal retrieval API responses to mitigate timing attacks.
Update documentation and security page to reflect timing attack protection
and explain Key A security in URLs.
Add UTF-8 content validation during decryption to handle potential content corruption.
diff --git a/README.md b/README.md
@@ -178,6 +178,9 @@ sequenceDiagram
 ### "Can I bypass rate limits by rotating IPs or using VPNs?"
 **⚠️ HARDER.** Rate limiting uses browser fingerprinting (IP + User-Agent + Language), making simple IP rotation ineffective. You'd need to change your entire browser signature.
 
+### "Can I use timing attacks to detect the exact unlock time?"
+**❌ NO.** Server responses include random jitter (0-100ms delay) to prevent timing-based information leakage.
+
 ### "Why is there no user authentication?"
 **✅ BY DESIGN.** Authentication adds attack vectors (credential theft, phishing, password breaches, session hijacking). TimeSeal uses cryptography-only security: possession of the vault link (Key A) is the authentication. No passwords to steal, no accounts to hack.
 
@@ -193,6 +196,9 @@ sequenceDiagram
 ### "What if I lose the vault link?"
 **💀 LOST FOREVER.** Key A is in the URL hash. No Key A = No decryption. **Save your links securely.**
 
+### "Is Key A in the URL hash secure?"
+**✅ YES, BY DESIGN.** The URL hash is never sent to the server (unlike query parameters). HTTPS protects it in transit. Browser history/bookmarks are your responsibility—treat vault links like passwords. This is the tradeoff for zero-trust, no-authentication security. Alternative approaches (server-side key storage, password protection) would defeat the entire architecture.
+
 ### "Can I delete or cancel a seal after creating it?"
 - **Timed Release:** ❌ NO. WORM storage prevents deletion.
 - **Dead Man's Switch:** ✅ YES. Use the pulse token to burn the seal permanently.
diff --git a/app/api/seal/[id]/route.ts b/app/api/seal/[id]/route.ts
@@ -49,6 +49,10 @@ export async function GET(
       const metadata = await sealService.getSeal(sealId, ip);
 
       if (metadata.status === 'locked') {
+        // Add jitter to prevent timing attacks
+        const jitter = Math.floor(Math.random() * 100);
+        await new Promise(resolve => setTimeout(resolve, jitter));
+        
         return jsonResponse({
           id: sealId,
           isLocked: true,
diff --git a/app/security/page.tsx b/app/security/page.tsx
@@ -116,14 +116,16 @@ export default function SecurityPage() {
                 <li>Data tampering (WORM storage + AEAD)</li>
                 <li>Brute force attacks (256-bit keys + fingerprinted rate limiting)</li>
                 <li>IP rotation bypass (browser fingerprinting)</li>
+                <li>Timing attacks (response jitter)</li>
                 <li>Automated abuse (Turnstile CAPTCHA)</li>
                 <li>Replay attacks (nonce validation on pulse tokens)</li>
               </ul>
             </div>
             <div>
               <p className="text-neon-green font-bold mb-2">Not Protected Against:</p>
               <ul className="list-disc list-inside ml-4 space-y-1">
-                <li>Loss of vault link (Key A is in URL hash)</li>
+                <li>Loss of vault link (Key A is in URL hash - treat like a password)</li>
+                <li>Browser history/bookmark exposure (inherent to client-side crypto)</li>
                 <li>Compromised recipient device after unlock</li>
                 <li>Cloudflare infrastructure failure</li>
                 <li>Quantum computing attacks (future threat)</li>
diff --git a/app/v/[id]/page.tsx b/app/v/[id]/page.tsx
@@ -55,8 +55,14 @@ function VaultPageClient({ id }: { id: string }) {
       const encryptedBuffer = bytes.buffer;
 
       const decrypted = await decryptData(encryptedBuffer, { keyA, keyB, iv });
-      const content = new TextDecoder().decode(decrypted);
-      setDecryptedContent(content);
+      
+      // Validate decrypted content is valid UTF-8
+      try {
+        const content = new TextDecoder('utf-8', { fatal: true }).decode(decrypted);
+        setDecryptedContent(content);
+      } catch {
+        setError('Decryption succeeded but content is corrupted');
+      }
     } catch (err) {
       console.error('Decryption failed:', err);
       setError('Failed to decrypt message');
