* Posts by Denis Kasak

2 publicly visible posts • joined 14 Sep 2021

How a glitch in the Matrix led to apps potentially exposing encrypted chats

Denis Kasak

I suppose they could try, but now we have tests for this and many people will be on their toes about it (myself included). I don't see this as being a viable tactic for someone looking to compromise E2EE.

Denis Kasak

The keys are definitely protected with cryptography, both in transit and when deciding whether the message key should be shared with a requesting device.

This latter check is performed by ensuring the identity key of the key-requesting device is the same as the one written down at the point the message key was originally shared with the participant. Unfortunately, it turned out that this check could be fooled with some trickery -- but this is a logic bug and an honest mistake, which is now patched.
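The check described in the comment above, sketched as an added example; it is not part of the original comment and is not code from Matrix or any client. All names (`ShareLedger`, `record_share`, `decide`) and the sample values are hypothetical, and how the caller obtains the requesting device's identity key is outside this sketch.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    SHARE = "share"
    NEVER_SHARED = "never_shared"  # no record for this device and session
    KEY_MISMATCH = "key_mismatch"  # identity key differs from the recorded one


@dataclass
class ShareLedger:
    """Remembers the identity key each device had when a message key was shared."""
    # (session_id, user_id, device_id) -> identity key written down at share time
    _recorded: dict = field(default_factory=dict)

    def record_share(self, session_id, user_id, device_id, identity_key: bytes):
        # Assumption of this sketch: the first record wins and is never overwritten.
        self._recorded.setdefault((session_id, user_id, device_id), identity_key)

    def decide(self, session_id, user_id, device_id, requester_identity_key: bytes):
        recorded = self._recorded.get((session_id, user_id, device_id))
        if recorded is None:
            return Decision.NEVER_SHARED
        # Constant-time comparison of the recorded key with the requester's key.
        if not hmac.compare_digest(recorded, requester_identity_key):
            return Decision.KEY_MISMATCH
        return Decision.SHARE


def demo():
    # Constructed sample values, not real keys or real Matrix identifiers.
    ledger = ShareLedger()
    key_a, key_b = b"\x01" * 32, b"\x02" * 32
    ledger.record_share("sess1", "@alice:example.org", "DEVICEA", key_a)
    return [
        ledger.decide("sess1", "@alice:example.org", "DEVICEA", key_a),  # same key
        ledger.decide("sess1", "@alice:example.org", "DEVICEA", key_b),  # changed key
        ledger.decide("sess1", "@alice:example.org", "DEVICEB", key_a),  # other device
        ledger.decide("sess2", "@alice:example.org", "DEVICEA", key_a),  # other session
    ]
```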