Comment by trueno
3 hours ago
> instead of just retrieving the messages from the cache on a confiscated phone
why wouldn't encryption be a part of recipe here rendering government acquisition of such a cache moot?
3 hours ago
> instead of just retrieving the messages from the cache on a confiscated phone
why wouldn't encryption be a part of recipe here rendering government acquisition of such a cache moot?
If the user can get immediate access to older messages then normally those messages will be available on a confiscated phone. That's why things like Signal have you set a retention period. A retention period of zero (message is gone when it scrolls off the screen) is safest.
If you want to protect older messages you can have the user enter a passphrase when they are in a physically safe situation. But that is only really practical for media like email. Good for organizing the protest but perhaps not so great at the protest.
From white paper:
>At its core, BitChat leverages the Noise Protocol Framework (specifically, the XX pattern) to establish mutually authenticated, end-to-end encrypted sessions between peers.
I actually wrote a Noise implementation and someone wanted to make a Bitchat implementation with it, but my impl only supports BLAKE2B (and I got the impression this person really didn't know what they wanted to do in the first place). It's kinda sad more haven't moved to BLAKE2B (or BLAKE3, which I almost never hear anyone talking about).