Don’t Use Session (Signal Fork)
-
{Insert Pasta Pun} replied to {Insert Pasta Pun} last edited by
@soatok ooo smarter question: how does Signal prevent KCI?
-
Soatok Dreamseeker replied to {Insert Pasta Pun} last edited by
@risottobias Ratcheting protocols
-
Soatok Dreamseeker replied to Soatok Dreamseeker last edited by
-
{Insert Pasta Pun} replied to Soatok Dreamseeker last edited by
@soatok but how would that prevent, e.g., the federated key exchange starting point of your implementation?
Like, they start with a first key, no?
-
Soatok Dreamseeker replied to {Insert Pasta Pun} last edited by
@risottobias The key thing I'm building is for signing keypairs.
Those keypairs sign an ephemeral public key. There is no long-term x25519 public key in my design.
-
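An added example, not Soatok's code and not taken from any project named on this page, of the pattern the post above describes: each party holds only a long-term Ed25519 signing keypair, uses it to sign a fresh X25519 public key for each exchange, and the peer verifies that signature against the sender's known signing key before running the DH. The context string, the SHA-256 key derivation, the type and function names and the "Alice/Bob/Mallory" setup are all assumptions of this example. Written in Go against the standard library only (crypto/ed25519, crypto/ecdh). The second half of RunDemo is the KCI check the question was about: Mallory holds Alice's entire long-term secret and tries to make Alice accept an attacker-controlled ephemeral key as Bob's.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Domain-separation string for the signed ephemeral key (an assumption of this example).
const ephemeralContext = "example-signed-ephemeral-x25519-v1"

// Identity is a long-term signing keypair only; there is no long-term X25519 key.
type Identity struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// SignedEphemeral is the wire message: a fresh X25519 public key and the sender's Ed25519 signature over (context || key).
type SignedEphemeral struct {
	X25519Pub []byte
	Sig       []byte
}

type Session struct{ eph *ecdh.PrivateKey } // one party's ephemeral key for one exchange

// NewIdentity panics only if the system RNG fails, which is not recoverable here.
func NewIdentity() *Identity {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Identity{Pub: pub, priv: priv}
}

func toBeSigned(x25519Pub []byte) []byte {
	return append([]byte(ephemeralContext), x25519Pub...)
}

// StartSession generates a fresh X25519 keypair and signs its public half.
func (id *Identity) StartSession() (*Session, SignedEphemeral) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	pub := eph.PublicKey().Bytes()
	return &Session{eph: eph}, SignedEphemeral{X25519Pub: pub, Sig: ed25519.Sign(id.priv, toBeSigned(pub))}
}

// Complete verifies the peer's signature on the received ephemeral key against the
// peer's known signing key, then derives the session key from the DH output.
func (s *Session) Complete(peerSigningKey ed25519.PublicKey, msg SignedEphemeral) ([]byte, error) {
	if !ed25519.Verify(peerSigningKey, toBeSigned(msg.X25519Pub), msg.Sig) {
		return nil, errors.New("ephemeral key is not signed by the expected peer")
	}
	peerPub, err := ecdh.X25519().NewPublicKey(msg.X25519Pub)
	if err != nil {
		return nil, err
	}
	shared, err := s.eph.ECDH(peerPub) // errors on an all-zero (low-order) result
	if err != nil {
		return nil, err
	}
	// SHA-256(context || shared) stands in for a real KDF plus transcript binding.
	h := sha256.New()
	h.Write([]byte(ephemeralContext))
	h.Write(shared)
	return h.Sum(nil), nil
}

// RunDemo returns (honestKeysMatch, forgeryRejected, err). The forgery is a KCI
// attempt: Mallory holds Alice's entire long-term secret and tries to make Alice
// accept a Mallory-controlled ephemeral key as Bob's.
func RunDemo() (bool, bool, error) {
	alice, bob := NewIdentity(), NewIdentity()
	aSess, aMsg := alice.StartSession()
	bSess, bMsg := bob.StartSession()
	aKey, err := aSess.Complete(bob.Pub, bMsg)
	if err != nil {
		return false, false, err
	}
	bKey, err := bSess.Complete(alice.Pub, aMsg)
	if err != nil {
		return false, false, err
	}
	// Alice's stolen key lets Mallory sign as Alice, never as Bob, so the check
	// against Bob's public key fails before any DH is computed.
	mallory := &Identity{Pub: alice.Pub, priv: alice.priv}
	_, forged := mallory.StartSession()
	_, err = aSess.Complete(bob.Pub, forged)
	return string(aKey) == string(bKey), err != nil, nil
}

func main() {
	match, rejected, err := RunDemo()
	fmt.Println("honest keys match:", match, "| forgery rejected:", rejected, "| error:", err)
}
```

The point of the second half is what makes this design different from one built on a long-term DH key: when the only long-term secret is a signing key, stealing it lets the attacker impersonate Alice to others, but nothing Alice holds can produce a signature under Bob's key, so Alice cannot be fooled about who she is talking to. A design whose long-term secret is itself a DH key does not get that for free, which is why the KCI question comes up. The ephemeral key also never leaves the process, so a later compromise of the signing key does not expose this session's secret.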
{Insert Pasta Pun} replied to Soatok Dreamseeker last edited by
@soatok I'm gonna nod like I understand but my head is empty
-
{Insert Pasta Pun} replied to Soatok Dreamseeker last edited by
@soatok also, on a signal ratchet, aren't the ratchet negotiations also "in band"?
-
David Chisnall (*Now with 50% more sarcasm!*) replied to Soatok Dreamseeker last edited by
@soatok I treasure my ignorance of cryptography because I believe that there are two safe amounts of crypto-knowledge:
- A lot, so that you can design something robust.
- None, so that you know not to try.
Between them is a dangerous middle ground of thinking you know enough to do something sensible. Hypothetically, there may be a safe middle ground where you don't know much but do know how little you know. I'm not confident of being able to do that.
Your post made me worry, because even I know at least why some of those things are a bad idea.
-
Soatok Dreamseeker replied to David Chisnall (*Now with 50% more sarcasm!*) last edited by
@david_chisnall The problem isn't knowledge, it's confidence.
You can know a lot about cryptography, but unless you've convinced yourself that you know "enough" to do it "safely", you're not at risk of pulling a dangerous move.
-
Thomas Guyot-Sionnest replied to Soatok Dreamseeker last edited by
@soatok @david_chisnall Personally I've always seen it as three levels:
1- Knowing enough to do it safely
2- Knowing enough to know you can't trust yourself doing safe crypto, use only well established patterns and only doing exactly what they've been designed to do
3- Knowing enough to fuck it up
I think I'm at 2 now, yet I now know I wasn't really at 2 in the past when I thought I was, so I think you also can't trust yourself knowing which level you're at!
-
{Insert Pasta Pun} replied to Thomas Guyot-Sionnest last edited by
@dermoth @soatok @david_chisnall I mean that does mean soatok is level 3
I personally think it's when you advertise your things as an equivalent.
I make no such claims. My shit is just static Age and Minisign keys, not MLS or a ratchet, so I don't claim it has forward secrecy or any of that. Nor does it provide certificate pinning.