Matrix

3238 readers

1 users here now

An open network for secure, decentralized communication

founded 4 years ago

MODERATORS

k_o_t@lemmy.ml

E2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2: if you use Element or (matrix.org)

submitted 2 years ago by cypherpunks@lemmy.ml to c/matrix@lemmy.ml

11 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] poVoq 4 points 2 years ago* (last edited 2 years ago) (1 children)

AFAIK they don't exist because OMEMO keys are device and not account specific, so this entire class of attack surface does not exist.

[–] jcast@mastodon.social 2 points 2 years ago (2 children)

@poVoq @sexy_peach

Isn't matrix also based on session keys?
I think the issue is more about how keys are shared between devices, and access to previous messages granted?

[–] poVoq 3 points 2 years ago

I am not an expert on the topic, but yes the key sharing seems to be the ultimate source of these issues.

[–] jcast@mastodon.social 1 points 2 years ago

@poVoq @sexy_peach

shared meaning cross-signed