@Hyolobrika
Impossible! I suppose that's the whole point of his blog.
I highly doubt that the side-channel he mentions is exploitable in real-world conditions on a server with dozens of users where each request might be handled by a different processor core, and that's exactly what the Matrix dev told him.
@Hyolobrika
Well, in that case it would most probably be hosted on a VPS, blurring the concept of what a CPU is and rendering such side-channel attacks inefficient.
People are too much into timed cache attacks ever since Spectre made it a hot topic, despite this type of attack having existed since the Pentium Pro days.
@Hyolobrika
I'm fairly certain that a lot of hardware is still running without any mitigations at all to achieve higher performance, and yet… No real world consequences, nothing big enough to make the news 🤷
@romin
Exactly! But that's what I was expecting from such a hyped-up announcement TBH: "Okay, this part looks weak, Signal does it better" — so what? Give us a proof-of-concept exploit or go home!
It's not a question of "being an alternative to Signal": for me and for anyone living in a non-free country, Signal itself with phone-number registration was never a viable choice.
@Hyolobrika
@romin
True, it's kinda beyond the whole infosec scope, but no cryptographic strength can withstand the pliers and the blowtorch 🤷
Being decentralised and staying below the radar is way more important.
@Hyolobrika
He can always prove us wrong by making a proof-of-concept exploit, but no… "I did look into this, but I didn't spend too much time on it… but this is a HORRIBLE vulnerability, a GAPING HOLE even — just use Signal" 🤦