Comment by jetbalsa
1 year ago
> Cryptography nerds should NOT be finding the software that activists trust with their privacy hilarious.
This is very much true. Why in the world would session do the things they listed unless it really was just a state actor trying to get something in place to snoop on people.
Various reasons, using 128 Bits of entropy in Session Account IDs allows Session to use 13 word mnemonic seeds, instead of 25 word seeds, which makes the UX of writing down and saving mnemonic seeds easier, the claimed reduction in security by the researcher is incorrect. The other 2 security issues are misinterpretations of the code.
Full response is provided here https://getsession.org/blog/a-response-to-recent-claims-abou...