Arthur Besse to Matrix@lemmy.ml • 2 years agoE2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2: if you use Element ormatrix.orgexternal-linkmessage-square11fedilinkarrow-up122arrow-down10
arrow-up122arrow-down1external-linkE2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2: if you use Element ormatrix.orgArthur Besse to Matrix@lemmy.ml • 2 years agomessage-square11fedilink
minus-squarepoVoqAlink4•edit-22 years agoAFAIK they don’t exist because OMEMO keys are device and not account specific, so this entire class of attack surface does not exist.
minus-squarej@mastodonlinkfedilink2•2 years ago@poVoq @sexy_peach Isn’t matrix also based on session keys? I think the issue is more about how keys are shared between devices, and access to previous messages granted?
minus-squarepoVoqAlink3•2 years agoI am not an expert on the topic, but yes the key sharing seems to be the ultimate source of these issues.
AFAIK they don’t exist because OMEMO keys are device and not account specific, so this entire class of attack surface does not exist.
@poVoq @sexy_peach
Isn’t matrix also based on session keys?
I think the issue is more about how keys are shared between devices, and access to previous messages granted?
I am not an expert on the topic, but yes the key sharing seems to be the ultimate source of these issues.
@poVoq @sexy_peach
shared meaning cross-signed