how to encrypt and decrypt messages with more than one sender and more than one receiver?

I am creating a chat app. This app contains private messages and channels. These channels include more than one user.

I want to encrypt messages using AES and to transfer the AES key to users of this channel.

I need a secure transport channel so I used diffie hellman. The problem now is how will I get users to generate the same diffie hellman keys so that I can create a shared key which will be the AES encryption key? I have learned the encryption, but between a sender and a receiver only, but here I have more than one sender and more than one receiver.

I had an idea, to make for all users who share the same channel, the same public and private key. Any user who opens the channel takes the public key from the channel and with his own keys he generates the shared key which forms the AES key. user can encrypts and decrypts any message, no matter who sent it, because all users of this channel have the same keys.

Any other ideas?

Note: I am required to use AES encryption but not deffie hellman, so is there another algorithm better than deffie hellman to do this?

SPF record does not preventing the sender spoofing

I am bug hunter & still new in bug bounty programs. I’ve reached to this topic which I can’t go further before understanding this one .

I used one of the most SPF record finder online , the result of this test was they already have a SPF record

BUT

I still can send an email as their domain exactly!

so , does really SPF record prevent email spoofing attack? If it does, why I still can send an email as their domain exactly ?, if it doesn’t, how can we really prevent the email spoofing attacks

also maybe I’ve some misunderstanding between SPF misconfiguration & missing of SPF record do they mean same ?! what is the situation as written above is it a misconfiguration or missing SPF record ?!

regards

What happens if a sender changes the TCP window size over multiple packets that have the same ACK number?

I’m currently doing research on evasion attacks that seek to bypass a Deep-learning based Network Intrusion Detection System.

In order to achieve this, I need to know what the constraints are for the TCP window size field in the TCP packet header. Imagine a client has just sent the last TCP-ACK packet to a server in order to complete the 3-way handshake. He then immediately proceeds to send a GET request to the server (these 2 packets are thus sent one after the other, and contain the same ACK-number).

What happens if the TCP window size in the TCP-ACK packet does not match the window size in the TCP packet containing the GET request? Will the receiver simply observe the last value for the window size that he obtained? Or will there be a violation in the TCP protocol in any way? You can assume that the change in window size is very small, and will not cause the buffer to be full.

More generally, if the client sends N uninterrupted packets (e.g. a heavy-load POST request), can he change the window size in each packet header without repercussions?

What does it mean to get an email from someone with a different actual sender?

I got a strange email and I just want to confirm my suspicions.

For background, I have my own email server which I set up using iRedMail on a VPS. I have an acquaintance who most likely has be on their address book, although I don’t have them on mine.

I got a highly suspect email with "Urgent! <acquaintance’s name>" as the subject, and a body that just said they need a favour. Looking at the headers of the email, I see that the Sender field is an unrelated university email address from another country, while the From field is my acquaintance’s name and a different email address than the one I had communicated with them in the past.

My hypothesis is that their account got hacked, the hacker stole their address book and is sending a scam to all of their contacts.

My fear is that my own server got hacked, or something. My email setup did not complain about this email even though I have virus scanning, and I expect that the regular checks (DKIM, SPF etc.) were done.

Can anyone confirm my hypothesis?

How to determine Sender Score IP to look up if straight query fails?

I’m checking up on my email set-up and came across Sender Score as part of my research and tests.

We are sending email through Outlook’s mail server. Our original mailfrom domain is fieldworkhub.com. If I put that into Sender Score, I get “no data available”.

The DKIM records are validated from Fieldworkhub.onmicrosoft.com. That domain again doesn’t have any data. However, it shows around 300 related sending domains, like ACTStoma.onmicrosoft.com which do give you a sender score for some IPs if queried. Why does this not work for our domain? Are we not sending enough emails?

From the email headers, I can find that client-ip=40.107.11.139. Is that the correct IP to put into the query field? Is there another way to discover sending IPs that doesn’t require looking up email headers? For example, checking SPF records? If so, how do I do it?

Can someone redirect or block emails of a specific sender?

I’m expecting some information from a governmental organisation, they claim that they already send the info via email, but I have never received anything.

They also have an automatic reply email, when I email them, then I don’t even get the automatic reply in my outlook inbox or anywhere else.

The nature and the sensitivity of the information in the mails, and the fact that I miss a lot of emails, got me thinking if this possible, a third party can redirect emails. I don’t know if my scenario is even slightly possible!

I have a feeling that if someone selectively decides which emails should I receive.

I constantly changed my password, and even changed my devices, haven’t opened unknown emails and respect all the basic security steps

Why not use a timer at sender instead of increasing transmision time in CSMA/CD to detect collisions?

In CSMA/CD protocol in order to detect collision Transmission time should be at least equal to two times 2×Tp, that means we have to change the frame size accordingly. Instead of all this why can’t we just place a timer with a time limit of 2×Tp, If there is any collision before the timer expires, then we can come to the conclusion that our data is corrupted, and we need to retransmit. This sounds easier for me as we need not append any additional bits to the frame, Correct me if I am wrong.

Magento2 display sender name, recipient name,recipient email in admin gift card grid

I need to display sender name, recipient name, recipient email in admin gift card grid. This is default module of enterprise.

This sender name, recipient name, recipient email values are coming from product_options.

After adding sender name, recipient name, recipient email columns search filter should work in admin

Email Sender of default Magento 2 order confirmation is not correct 2.2.7

After I upgrade from 2.2.6 to 2.2.7. The sender of the order confirmation is changed from sales@mydomain.com to myusername@@c59619.sgvps.net

I checked the config->sales email and general->store email addresses,there are set correctly as sales@mydomain.com.

I do not have smtp set up, i’m using default phpmailer and my hosting is siteground.