I suppose they could try, but now we have tests for this and many people will be on their toes about it (myself included). I don't see this as being a viable tactic for someone looking to compromise E2EE.
Posts by Denis Kasak
2 publicly visible posts • joined 14 Sep 2021
How a glitch in the Matrix led to apps potentially exposing encrypted chats
Tuesday 14th September 2021 22:50 GMT
The keys are definitely protected with cryptography, both in transit and when deciding whether the message key should be shared with a requesting device.
This latter check is performed by ensuring the identity key of the key-requesting device is the same as the one written down at the point the message key was originally shared with the participant. Unfortunately, it turned out that this check could be fooled with some trickery -- but this is a logic bug and an honest mistake, which is now patched.
Biting the hand that feeds IT
