@kirby
It's a price to pay for proper encryption that works with multiple sessions🤷
XMPP crowd was making fun of Matrix for this, but that is just how Double Ratchet works — now it got implemented in popular XMPP clients and it turned out that it's even worse than it was in Matrix and before that it "just worked" simply because nothing was encrypted.

@m0xee @kirby >turned out that it's even worse Basically false. Matrix is even worse because you can't turn it on and off by your self. It also is less secure.

@dcc
Of course you can, just create two person room with encryption disabled! If they weren't created with encryption enabled by default, few would be using it and it would defeat the purpose.
And how is it less secure? It's literally the same algorithm.
@kirby

@m0xee @dcc @kirby
>It's literally the same algorithm
not really, that'd be olm, megolm (the one actually used in e2ee rooms) is double ratchet with extra steps, that may or may not weaken DR security assumptions

@romin @dcc @kirby
Yep, valid point! Same as different implementations might have deficiencies of their own — what I meant is that they are based on the same Double Ratchet.
Beside the point, OMEMO spec is pretty vague about multi-user rooms: xmpp.org/extensions/xep-0384.h it refers to a MUC-related XEP that doesn't mention OMEMO or ratchets at all.
As opposed to megolm spec which is rather thorough: gitlab.matrix.org/matrix-org/o

Follow

@romin @dcc @kirby
I'm not even sure current XMPP clients implement OMEMO for group chats, so I assume we're talking one-on-one chats here 🤷

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml