This blog post, and some of its comments are pretty interesting and concerning at the same time. Not really sure if in the end that means that nothing other than centralized controlled messaging can be as cryptography safe.

Any comments?

  • TechnicallyColors@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    The author of the article is a professional cryptographer with a long history of writing human-readable articles on serious cryptographic subjects. I think it would be polite to give them the benefit of the doubt and assume that they are not being a hater for the fun of it, especially when they’ve shown their work.

    Cryptography is to be taken very seriously. One implementation bug or one weak attack vector and you’re done. If you’re switching your algorithms around and not explaining why it’s very reasonable for a cryptographer to wonder what exactly you think you’re doing, and whether the implementation is in good hands. Maybe there are valid reasons for these changes, but we shouldn’t have to guess on something this important. If this article is what it takes to get clarification from the OMEMO authors on what exactly their design is, that is a positive outcome for everyone.

    If you think post-quantum is “snake oil” you clearly don’t know the first thing about cryptography, so why are you putting on a confident face here and disparaging the author instead of taking a few moments to research the topic first? Hint: pre-quantum communications can be captured and stored, to await the power of quantum computing to crack them. Post-quantum means that your conversations today remain safe tomorrow.

    • poVoq@slrpnk.netM
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      3 months ago

      The OMEMO authors have already responded to the point about the changelog, and it turns out the key length was always truncated like this (which is fine as Soatok themselves admit) and the change in the version they point out was only a slight wording change to emphasise this, not an actual spec change.

      That Soatok jumps on this in their article without checking what the spec actually was in previous versions makes me think they didn’t really look very closely, but rather just looked for superficial support of their preconceived opinion.

      As for post-quantum encryption: without knowing what quantum computers are really capable of, you can only speculate how to protect against them. The various proposals for that are highly debated and often turn out to be not any better or sometimes even worse than existing well established encryption methods.

      Encryption is indeed a serious matter, as you say yourself. Peddling unproven and half-baked "post-quantum” encryption algorithms that might in fact lower and not higher protection against current and future attacks is not serious.

      The serious response is to say we don’t know at the current time what can protect against possible future quantum computers and subsequentially minimize data retention and only use well proven state of the art encryption algorithms. Coincidentally XMPP is doing exactly that.