E2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2: if you use Element ormatrix.orgexternal-link Arthur Besse ( @cypherpunks@lemmy.ml ) Matrix@lemmy.ml • 2 years ago message-square10fedilinkarrow-up119
arrow-up119external-linkE2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2: if you use Element ormatrix.org Arthur Besse ( @cypherpunks@lemmy.ml ) Matrix@lemmy.ml • 2 years ago message-square10fedilink
minus-square poVoq ( @poVoq@slrpnk.net ) linkfedilink3•edit-22 years agoAFAIK they don’t exist because OMEMO keys are device and not account specific, so this entire class of attack surface does not exist.
minus-square j@mastodon ( @jcast@mastodon.social ) linkfedilink1•2 years ago@poVoq @sexy_peach Isn’t matrix also based on session keys? I think the issue is more about how keys are shared between devices, and access to previous messages granted?
minus-square poVoq ( @poVoq@slrpnk.net ) linkfedilink3•2 years agoI am not an expert on the topic, but yes the key sharing seems to be the ultimate source of these issues.
AFAIK they don’t exist because OMEMO keys are device and not account specific, so this entire class of attack surface does not exist.
@poVoq @sexy_peach
Isn’t matrix also based on session keys?
I think the issue is more about how keys are shared between devices, and access to previous messages granted?
I am not an expert on the topic, but yes the key sharing seems to be the ultimate source of these issues.