Skip Navigation
Furry Technologists @pawb.social Soatok Dreamseeker @pawb.social

Security Issues in Matrix’s Olm Library - Dhole Moments

soatok.blog Security Issues in Matrix’s Olm Library - Dhole Moments

I don’t consider myself exceptional in any regard, but I stumbled upon a few cryptography vulnerabilities in Matrix’s Olm library with so little effort that it was nearly accidental. It…

Security Issues in Matrix’s Olm Library - Dhole Moments
6

You're viewing a single thread.

6 comments
  • meanwhile, it is very unclear that any sidechannel attack on a libolm based client is practical over the network (which is why we didn’t fix this years ago).

    Wow... Uh, that's certainly a thing for a developer to let slip out, huh?

    One thing I don't get about Signal/Telegram/etc is that they claim to be secure and private... Yet also require you to prove your identity via a phone number? I don't really get it.

    That would be a massive deal breaker to some people I want to push off Discord and is one of the reasons I haven't tried Signal yet, but have tried Matrix.

    • signal no longer requires phone numbers as they have implemented a username system

6 comments