simplex

simplex, 10 days ago

@anchel updated!

simplex, 29 days ago

@soatok @triskelion @alshafei

sorry, where did you get 3 days from? It was actually 10 days by 2 people with 5 of them billable (as the report says).

Additional, longer assessment is coming this year.

simplex, 29 days ago

@soatok @triskelion @alshafei

Ed448/Ed25519 curve choice is controlled by the client, and currently Ed448 curve is not used. What are you specific objections to Ed448 curve?

simplex, 29 days ago

@soatok @triskelion @alshafei

To reference Signal algorithm specs: https://signal.org/docs/specifications/doubleratchet/#integration-with-x3dh

https://signal.org/docs/specifications/doubleratchet/

It does recommend X448/X25519 algorithms and AES-GCM.

All seems rather boring, isn't it... What's daring here?

simplex, 28 days ago

@soatok @triskelion @alshafei

we understand the limitations of AES-GCM, and they do not apply here, but we will revalidate it.

Groups don't use shared keys, they are based on pairwise ratchets.

The encryption scheme evolved with the addition of sntrup761 to double ratchet, and if AES-GCM proves suboptimal, it can be replaced too.

Also, it is customary to follow a process to report vulnerabilities: https://simplex.chat/security/

Doing it in public forum hurts your credibility.

simplex, 28 days ago

@soatok @triskelion @alshafei

> My complaint with Curve448 is that most things don't use it, so implementations are less reviewed.

OpenSSL (both library and the tool) includes it for a long time.

> The primary reason to select 448 over 25519 is a "biggest rock is best rock" approach to cryptography parameters. It doesn't help in any realistic scenario, nor against quantum attackers at all.

This view is contrary to the advice from DJB to always choose a bigger key size that is necessary.

simplex, 28 days ago

@soatok @triskelion @alshafei

arithmetics says it's 4 :)

And they generously billed 5 days having spent more than 10 (engineer-days).

TOB are very good with Haskell btw, and double ratchet implementation was one of the focus points.

simplex, 28 days ago

@soatok @triskelion @alshafei

Whether you like design or not is secondary to whether it is a secure or not, isn't it?

Design evolves though.

simplex, 28 days ago

@soatok @triskelion @alshafei no, we absolutely love criticism - it's what was driving the design evolution so far, and will continue.

Just please send any real findings (if you get deeper) privately - as real people security depends on the app, whether you like it or not.

But the criticism of the design itself is very appreciated.

So far it's all good. AES-GCM given how it's used seems adequate, but we will revalidate it.

simplex, 28 days ago

@soatok @triskelion @alshafei In DR neither party has control of the AES key to use, so maybe I am missing something, but I don't think this attack works... will re-assess.

simplex, 28 days ago

@soatok @triskelion @alshafei two more assessments are coming this year - one focussed specifically on the protocols design, and another on implementation.

simplex, 28 days ago

@soatok @triskelion @alshafei I agree about full disclosure once fixed - it's what our policy is, similar to OpenSSL's.

simplex, 28 days ago

@soatok @triskelion @alshafei right:) 👍

simplex, 1 month ago

@MartinBe @MartinaNeumayer we have the GitHub issue, but it would be really helpful to have the logs from the device when it happens. Also, having a full list of settings might help reproducing.

simplex, 1 month ago

@echo_pbreyer instead of dramatically increasing the risks for children by reducing their and their family privacy, the legislators should consider raising the age where parents have the right to access children information to at least 16 years, as technology platforms can't identify sexual predators masquerading as children.

By the time the abuse materials distributed it's already too late - so by reducing the privacy legislators are trying to hide the symptoms rather than solve the problem.

simplex, 1 month ago

@echo_pbreyer in the stand-off "protect children" vs "protect privacy" we will lose both. The reality is that the only way to protect children is by increasing their and their family privacy.

That is of course if legislators really want to protect children, and are not simply using it as a pretext for large scale surveillance against their citizens.

Let's not be fooled by "protect the children" narrative - if Chat Control surveillance succeeds, children will be a collateral damage.

simplex, 1 month ago

@anchel done

simplex, 1 month ago

@anchel weird, not for me. Please try force-refresh the page maybe?

simplex, 1 month ago

@anchel I see, you were asking about simplexmq... Updated :)

simplex, 1 month ago

@GrapheneOS

> E2EE does no good if app is exploited.

I think this is a very wide and generally misleading statement. It's not that black and white. You are talking about different attack vectors, and the purpose of E2EE is to protect from the operator, and the attacks you describe are from untrusted/malicious contacts. Also, the attack via media that would lead to the compromise of E2EE with other contacts is very hard - it's on you to demonstrate it, before stating it's possible.