refactor: Add SMP warnings for low-entropy answers

Author: chadsec1

logic/smp.py

@@ -73,8 +73,8 @@ def initiate_smp(user_data: dict, user_data_lock: threading.Lock, contact_id: st
         response = http_request(f"{server_url}/data/send", "POST", metadata = {
             "recipient": contact_id
         }, blob = SMP_TYPE + kem_public_key, auth_token = auth_token)
-    except Exception:
-        raise ValueError("Could not connect to server")
+    except Exception as e:
+        raise ValueError("Could not connect to server: " + str(e))
 
     response = json.loads(response.decode())
     if (not ("status" in response)) or response["status"] != "success":

logic/utils.py

@@ -1,5 +1,32 @@
 import traceback
 
+def check_str_high_entropy(s: str) -> bool:
+    # strings under 8 characters long are insecure no matter the language.
+    if len(s) < 8:
+        return False
+
+    # if string is not all ascii, just assume it has enough entropy.
+    if not s.ascii():
+        return True
+
+    # Check if string is all lowercase or uppercase
+    if s.lower() == s or s.upper() == s:
+        return False
+
+    # if all digits
+    if s.isdigit():
+        return False
+
+    # if doesn't contain digits
+    if not any(c.isdigit() for c in s):
+        return False
+
+    # Check for special characters, spaces, etc
+    if not any(not c.isalnum() for c in s):
+        return False
+
+    return True
+
 
 def thread_failsafe_wrapper(target, stop_flag, ui_queue, *args, **kwargs):
     try:

ui/smp_setup_window.py

@@ -1,6 +1,11 @@
 import tkinter as tk
 from tkinter import messagebox
-from ui.utils import *
+from ui.utils import (
+        enhanced_entry
+    )
+from logic.utils import (
+        check_str_high_entropy
+)
 from logic.smp import initiate_smp
 from core.constants import (
     SMP_QUESTION_MAX_LEN 
@@ -29,17 +34,15 @@ def __init__(self, master, contact_id):
         tk.Label(self, text="Question:", fg="white", bg="black", anchor="w").pack(fill="x", padx=20)
         self.question_entry = tk.Entry(self, width=50)
         self.question_entry.pack(padx=20, pady=(0, 10))
-        self.question_entry.focus()
+        # self.question_entry.focus()
 
         tk.Label(self, text="Answer:", fg="white", bg="black", anchor="w").pack(fill="x", padx=20)
         self.answer_entry = tk.Entry(self, width=50)
         self.answer_entry.pack(padx=20, pady=(0, 20))
 
-        # TODO: Figure out why enhanced_entry bricks the question and answer entry
-        # enhanced_entry(self.question_entry, placeholder="I.e. Where did we meet last Thursday ?")
-        # enhanced_entry(self.answer_entry, placeholder="I.e. Central Park")
+        enhanced_entry(self.question_entry, placeholder="I.e. What's our secret passphrase ?")
+        enhanced_entry(self.answer_entry, placeholder="I.e. Horse Whale Australia Dog Times Lake")
 
-        # Send button
         tk.Button(
             self,
             text="Send Verification Request",
@@ -70,39 +73,30 @@ def submit(self):
             messagebox.showerror("Error", "Question must not contain the answer!")
             return
 
+        if question.lower() in answer.lower():
+            messagebox.showerror("Error", "Answer must not contain any part of the question!")
+            return
 
         if len(question) > SMP_QUESTION_MAX_LEN:
             messagebox.showerror("Error", f"Question must be under {SMP_QUESTION_MAX_LEN} characters long.")
 
-
-        # This is just unacceptable, 4 characaters is the bare minimum.
-        # Given our argon2id parameters, we have calculated the worst case scenario of an adversary with 
-        # many 128-core CPU clusters, and 1000s of machines available, with custom-optimizied cracking-rigs
-        # and we concluded that as of 2025, would still require a couple minutes - couple seconds short of 
-        # a minute to crack the answer which might *just* be enough time if both users are online and the 
-        # server is not malicious. If the server is malicious, it could delay the process, which means that 
-        # powerful adversary would have cracked the answer to your question and possibly fed you spoofed keys
-        # 
-        # We don't actually enforce high-entropy answers because we know users will try to bypass the limit
-        # by picking long-length but low-entropy answers, or worse, put / hint the answer in the question
-        # Instead, we opted for an approach of allowing the user to choose low-entropy answers but give
-        # them 2 warnings to ensure they understand the risks.
-        # 
-
         if len(answer) <= 3:
             messagebox.showerror("Error", "Answer must be at least 4 characters long!")
             return
 
-        if len(answer) <= 5:
+        if len(answer) <= 5 or not check_str_high_entropy(answer):
             # Even though we enforce SMP, sometime a user might want to add someone whom our user don't have a out-of-band channel to communicate with
             # allowing the user to set a low-entropy answer gives user the opportunity to do so
             # But we still warn the user twice about the importance of the answer's entropy in context of SMP verification
-            if messagebox.askyesno("Warning", "Answer is less than 6 characters long, this is unsafe and not recommended, do you want to proceed anyway ?"):
+            if messagebox.askyesno("Warning", "Answer does not contain good entropy, this is unsafe and not recommended, do you want to proceed anyway ?"):
                 if not messagebox.askyesno("Warning", "If the server is malicious, low-entropy answer potentially undermines encryption. To reduce risks only proceed if you are certain that the contact is online right now, are you absolutely sure?"):
                     return
             else:
                 return
 
-        initiate_smp(self.master.user_data, self.master.user_data_lock, self.contact_id, question, answer)
-
+        try:
+            initiate_smp(self.master.user_data, self.master.user_data_lock, self.contact_id, question, answer)
+        except Exception as e:
+            messagebox.showerror("Error", e)
+        
         self.destroy()