Comment by ianburrell
2 years ago
Do you evidence of that? Are you sure you aren’t confusing Signal and Matrix, which had that big? We would have heard about Signal after the Matrix bug if it also had it.
2 years ago
Do you evidence of that? Are you sure you aren’t confusing Signal and Matrix, which had that big? We would have heard about Signal after the Matrix bug if it also had it.
It's not really a bug. It's a design decision.
There's no clear solution for it from an encryption perspective without a big tradeoffs (like requiring all participants to be online at the same time).
Besides, the larger the group, the more likely that one of the nodes has been compromised anyway. Everything's a tradeoff -- don't depend on the security of a single solution if you're really trying to keep a secret; defense in depth.
You haven’t shown that this flaw is in Signal in addition to Matrix.
I heard about Matrix having that exact flaw, and if Signal had the same flaw, it would be big news. I remember Signal saying that they are not vulnerable.
> There's no clear solution for it from an encryption perspective without a big tradeoffs (like requiring all participants to be online at the same time).
I wonder if that's why Telegram's secret chats do in fact require users to be online at the same time for key exchange. I've used it before and I had to wait a while for the other party to come online.
If this was true I would expect there were additional sources besides a random anonymous HN comment.
It depends. One good discussion.
https://crypto.stackexchange.com/questions/77319/triple-diff...
1 reply →