Please keep in mind that this website is a furry blog, first and foremost, that sometimes happens to cover security and cryptography topics.

Many people have, over the years, assumed the opposite and commented accordingly. The ensuing message board threads are usually a waste of time and energy for everyone involved. So please adjust your expectations.

Stop playing mind games.

@Hyolobrika
Impossible! I suppose that's the whole point of his blog.
I highly doubt that the side-channel he mentions is exploitable in real-world conditions on a server with dozens of users where each request might be handled by a different processor core — and that's exactly what Matrix dev told him.

@m0xee What makes you think every Matrix server will have dozens of users and multiple cores?

@Hyolobrika
Well, in that case it would most probably be hosted on a VPS, blurring the concept of what a CPU is and rendering such side-channel attacks inefficient.
People are too much into timed cache attacks ever since Spectre made it a hot topic, despite this type of attack existing since the Pentium Pro days.

@Hyolobrika
I'm fairly certain that a lot of hardware is still running without any mitigations at all to achieve higher performance, and yet… No real world consequences, nothing big enough to make the news 🤷

@m0xee @Hyolobrika olm is client side, and the side channel is impractical in real-life scenarios
AYO BRUH UNEEA CLEE DIHOE MF BIX NOOD *BANG* :shrimpstika:

@romin
Exactly! But that's what I was expecting from such a hyped-up announcement TBH: "Okay, this part looks weak, Signal does it better" — so what? Give up a proof of concept exploit or go home!
It's not a question of "being an alternative to Signal" — for me and for anyone living in a non-free country Signal itself with phone number registration was never a viable choice.
@Hyolobrika

@romin
True, it's kinda beyond the whole infosec scope, but no cryptographic strength can withstand the pliers and the blowtorch 🤷
Being decentralised and staying below the radar is way more important.
@Hyolobrika
