XMPP

316 readers

1 users here now

XMPP (aka Jabber) is the community-owned standard for real-time federated messaging.

For a quick start click here

JoinJabber.org support chat

JoinJabber.org admin support chat

XMPP.net Provider List

Also see JoinJabber.org FAQ

founded 1 year ago

MODERATORS

[email protected]

Dhole Moments: Against XMPP+OMEMO - Dhole Moments (soatok.blog)

submitted 3 months ago by [email protected] to c/[email protected]

9 comments fedilink hide all child comments

This blog post, and some of its comments are pretty interesting and concerning at the same time. Not really sure if in the end that means that nothing other than centralized controlled messaging can be as cryptography safe.

Any comments?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 0 points 3 months ago* (last edited 3 months ago)

I was in the specs before as well, just not as clearly spelled out.

As for the other reasons why Soatok thinks Signal is better, well those are cherry picked and highly opinionated. There are similar lists of reasons from equally respected security researchers (that have less of a e2ee tunnel vision), that rule out Signal as a serious option due to its centralised and single vendor approach.

Which brings me to the last point. Yes, Signal is a snake-oil vendor that tries to hide the various glaring security issues of their model behind a state of the art e2ee system. But that's just a fig-leaf not really all that different from how WhatsApp claims to be secure due to them adopting e2ee.

Post-quantum encryption is an active R&D field with no proven to work solutions yet. In fact, solutions that are proudly announced as finally having solved it are regularly silently retracted as other researchers find that they actually offer less security than current state of the art encryption algorithms.