this post was submitted on 31 Oct 2020
6 points (100.0% liked)

Lemmy Support

4651 readers
22 users here now

Support / questions about Lemmy.

Matrix Space: #lemmy-space

founded 5 years ago
MODERATORS
dessalines@lemmy.ml
6
Are dms e2e encrypted between recipients? (lemmy.ml)
submitted 4 years ago by DrivingForce@lemmy.ml to c/lemmy_support@lemmy.ml
7 comments fedilink hide all child comments
 

Just curious if that is the case. I assume not as Lemmy does not advertise it's encryption at all.

Would this ever be planned for Lemmy?

you are viewing a single comment's thread
view the rest of the comments
[–] Bear_with_a_hammer@lemmy.ml 1 points 1 year ago* (last edited 1 year ago) (1 children)

It would be nice to have them, it's an additional attraction factor for users. It could be done using hybrid approach where one hash derived from user password is used to authenticate in Lemmy and retrieve chat list, second completing hash would decrypt them. Example: https://hacks.mozilla.org/2018/11/firefox-sync-privacy/

[–] lotanis@discuss.tchncs.de 4 points 1 year ago (1 children)

Implementing E2E isn't just about the encryption though, it's also about the key exchange/distribution/generation approach.

If you look at what Matrix does, so much of the complexity comes from how they authenticate all the different clients to manage E2E in a distributed way. For proper E2E you've got more than 2 ends (multiple clients) so you need to manage it for all.

[–] Bear_with_a_hammer@lemmy.ml 1 points 1 year ago (1 children)

I don't get what makes it hard to implement the same stuff using libraries provided, encryption should be optional for servers administrators to enable

[–] ShittyKopper@lemmy.w.on-t.work 1 points 1 year ago

Encryption is hard to get right. Which doesn't help when it's essentially useless unless you get it right

https://github.com/soatok/mastodon-e2ee-specification was a thing but it doesn't seem to be updated for months now.