- Ninmi ( @Ninmi@sopuli.xyz ) 4•1 year ago
Again.
- poVoq ( @poVoq@slrpnk.net ) 2•1 year ago
And again in a part that they added to make e2ee more convenient for users that are only security LARPing anyways.
- sexy_peach ( @sexy_peach@feddit.de ) 3•1 year ago
How does XMPP with omemo handle these situations?
- poVoq ( @poVoq@slrpnk.net ) 3•1 year ago
AFAIK they don’t exist because OMEMO keys are device and not account specific, so this entire class of attack surface does not exist.
- j@mastodon ( @jcast@mastodon.social ) 1•1 year ago
Isn’t matrix also based on session keys?
I think the issue is more about how keys are shared between devices, and access to previous messages granted?- poVoq ( @poVoq@slrpnk.net ) 3•1 year ago
I am not an expert on the topic, but yes the key sharing seems to be the ultimate source of these issues.
- j@mastodon ( @jcast@mastodon.social ) 3•1 year ago
I’m a random user but I did hear some discussion on the potential for this kind of vulnerability a while ago in the XMPP Conversations group chat.
OMEMO does not allow access to previous messages when you add a new device. If the message wasn’t originally encrypted for the target device, the device will not be able to read it. But the best place to ask this question is in that group chat.
- poVoq ( @poVoq@slrpnk.net ) 3•1 year ago
https://nebuchadnezzar-megolm.github.io/
Original paper.
- Jones ( @jonesv@lemmy.ml ) 3•1 year ago
As far as I am concerned, I use Matrix as a replacement for Slack/Discord/IRC, where I absolutely don’t count on e2ee. And Matrix does that really well. For e2ee direct messaging, I use alternatives like Signal or Threema.
- Catfluoride ( @catfluoride@mastodon.social ) 3•1 year ago
@cypherpunks waiting for @fdroidorg to push updates…