Any #nixos maintainer here who'd be up for reviewing a PR? The cryptographic library #libolm no longer builds on nixpkgs for macOS - this sadly is still a critical dependency for a major share of the matrix ecosystem, so I'd appreciate getting the fix merged quickly.

https://github.com/NixOS/nixpkgs/pull/381493

(Boost ok)

olm: add patch removing const statement by TheOneWithTheBraid · Pull Request #381493 · NixOS/nixpkgs

Things done OLM is dead - long live OLM. I figured out the last OLM release no longer builds on macOS since clang complains about the old c++ code being unsafe with a const where there should be no...

https://github.com/matrix-org/vodozemac

matrix-org / vodozemac - An implementation of #Olm and #Megolm in pure Rust.

It seems many Matrix clients are still using the old #libolm. libolm has been deprecated.

#rust #matrix #cryptography #encryption #DoubleRatchet

#cinny finally moved from #libolm to #vodozemac. This fixed the #matrix vulnerability from last year.

https://github.com/cinnyapp/cinny/pull/1988

redesigned app settings and switch to rust crypto by ajbura · Pull Request #1988 · cinnyapp/cinny

Description Fixes #1869 #1399 #792 #1979 #1877 #1130 #940 #1308 #1543 #1755 #2034 #1535 Type of change Bug fix (non-breaking change which fixes an issue) New feature (non-breaking change which ...

@Forbearance
> An irate blue wolf told me that Matrix was afflicted with a Library of Olms and we shouldn't use it

This person is spreading FUD.

"The CVEs have since been edited post-submission to conflate libolm with the Olm protocol itself. A genuine protocol vulnerability would be much more serious so we are working with MITRE to clarify."

https://matrix.org/blog/2024/08/libolm-deprecation/

libolm has been formally deprecated in favour of a new Olm library.

#Matrix #Olm #LibOlm #vodozemac

@drwho @matthew

FYI: A ton of third party #Matrix clients use the deprecated #libolm library for end-to-end encryption which suffers from multiple vulnerabilities:
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
libolm has now been deprecated: https://gitlab.matrix.org/matrix-org/olm/-/commit/6d4b5b07887821a95b144091c8497d09d377f985
These vulnerabilities appear to have been known for quite a while now but are not considered serious issues by authors of other Matrix clients.

There is a "new" #Rust based crypto library called #vodozemac that has been used by the official #Element clients for about 2 years.

#FluffyChat and #Nheko are working on their clients:
https://github.com/krille-chan/fluffychat/issues/1258
https://github.com/Nheko-Reborn/nheko/issues/1786#issue-2441024627
Keep in mind that these clients are personal projects maintained by their authors in their free time. Element has a dedicated team for security aspects.

Edit: This post has been edited to include some corrections

#Security #Messenger #Olm #FOSS #Privacy

Security Issues in Matrix’s Olm Library - Dhole Moments

I don’t consider myself exceptional in any regard, but I stumbled upon a few cryptography vulnerabilities in Matrix’s Olm library with so little effort that it was nearly accidental. It…

I am disappointed that @matrix didn't publish any response to the Soatok post.

At least to provide some context about
- Why was an insecure crypto implementation knowingly chosen for libolm?
- Why was the fact that libolm is potentially insecure not clearly communicated?
- Why was the crypto implementation not replaced sooner?
- Why is the ecosystem so slow to start using the Rust rewrite?
- Does the foundation plan to do anything about that?

#matrix #libolm

Since soatok sadly name dropped one of my clients into his FUD post, I hereby publish the comments which he presumably will likely get moderated away:

#matrix #libolm #crypto #soatok

RFC 9420: The Messaging Layer Security (MLS) Protocol

Messaging applications are increasingly making use of end-to-end security mechanisms to ensure that messages are only accessible to the communicating endpoints, and not to any servers involved in delivering messages. Establishing keys to provide such protections is challenging for group chat settings, in which more than two clients need to agree on a key but may not be online at the same time. In this document, we specify a key establishment protocol that provides efficient asynchronous group key establishment with forward secrecy (FS) and post-compromise security (PCS) for groups in size ranging from two to thousands.

Work on the [#matrix] POSIX SDK is now in a stage that runtime configuration and object initialization is finally working - using pure POSIX shell 🎉 !

Though there are only a few Client Server API endpoints implemented so far, the SDK is well on its way to an alpha version.

#matrix #bash #posix #libolm #MatrixPosixSdk

Started working on a proper [#matrix] Bash SDK - aiming to be POSIX compatible, minimal in dependencies and to support E2E encryption.

#matrix #bash #libolm