This day in history...I mean present: first ever end-to-end encrypted message to be sent from a #dumbphone?
https://git.disroot.org/badrihippo/convo/commit/c95d048c9dafa51ceef5c5c07b241abe6290696b
Using #Convo on #KaiOS, powered by #ConverseJS, #XMPP, #OMEMO, and #libsignal 
Обзор криптографии Signal не выявил уязвимостей
Некоторые специалисты по информационной безопасности призывают отказаться от использования Telegram , указывая на его исторические проблемы с криптографией . В качестве оптимальной альтернативы часто называют Signal . На чём основано это мнение и почему Signal считается более защищённым мессенджером?
https://habr.com/ru/companies/globalsign/articles/900456/
#Signal #Telegram #алгоритм_двойного_храповика #прямая_секретность #Key_Transparency #прозрачность_ключей #Rust #бинарное_дерево #двоичное_дерево #дерево_Меркла #libsignal #VRF
This sums up a lot of my E2EE thoughts (not written by me):
https://mjg59.dreamwidth.org/62598.html
People seem to forget that the actual hard part of encryption is key management. And it has been this way for the past 40 years. It's not performance, it's not the encryption algorithms, it's key management.
Algorithms have been mostly sorted since the 80s, performance was solve somewhere in the early 2000s. But key management is still hard.
Post by @mjg59 on how #e2ee messaging needs more than #libsignal https://mjg59.dreamwidth.org/62598.html
Cryptography is hard! UX is hard!
We really do need to make it easier to be more secure with systems designed to be composed.
Getting #e2ee right is non-trivial, even with a solid library underneath. New essay by @mjg59 with counter-examples of what can go wrong:
"Simply building something on top of #libsignal doesn't mean it's secure. If you want meaningful functionality you need to build a lot of infrastructure around libsignal, and doing that well involves not just competent development and UX design, but also a strong understanding of security and cryptography."
Hippo 🍉
Habr
Sheogorath
Boris Mann
Paul Rohr
Adrian McEwen