Egregoros · Phoenix Framework

Timeline

Post

Remote status

Context

cliffle

@cliffle@hachyderm.io remote

RE: https://furry.engineer/@soatok/116088639302283341

Chewing on Soatok's last commentary on matrix crypto. I haven't implemented DH in a while, but:

If the system allows the other user to use the point at Infinity as their public key... Doesn't that mean if I'm in a position to tamper with both sides of the connection, I could tell each party separately that the other chose it, and they'd be none the wiser because they'd independently derive the same session key? But their traffic would be effectively unencrypted for any observer, not just me.

I sure hope there's some other feature of the protocol that prevents this.

Replying to @cliffle@hachyderm.io

John-Mark Gurney

@encthenet@flyovercountry.social remote

@cliffle
They could do what signal does which is hash what has been sent and received so far and integrate that into the resulting session key. That way if someone replaces a public key, the otherside would end up with the wrong key.

I mean, they are a signal replacement so they're doing this, right? Right?

(I'm not hopeful.)

Replies

Replying to @encthenet@flyovercountry.social

feld

@feld@friedcheese.us remote

@encthenet @cliffle

> mean, they are a signal replacement so they're doing this, right? Right?

A Signal replacement wouldn't have your messages on a blockchain which completely breaks cryptographic deniability* tho

*the true value of this is debated https://www.usenix.org/system/files/usenixsecurity23-yadav.pdf