The New OilAnalysis of reported issues in #vodozemac
https://matrix.org/blog/2026/02/analysis-of-reported-issues-in-vodozemac/
Dhole Moments - Software, Security, Cryptography, and FurriesCryptographic Issues in Matrix’s Rust Library Vodozemac
🐦🔥nemo™🐦⬛ 🇺🇦🍉Matrix sees a surge in new users as Discord’s planned age-verification rollout drives privacy-conscious communities to explore decentralized chat alternatives. 🔐💬 Read more:
https://cyberinsider.com/matrix-sees-sudden-surge-in-new-users-amid-discord-mass-exodus/
#Matrix #Discord #Privacy #TechNews #Newz #E2EE
Don't put all your eggs into one basket. #compartmentalization is 🔑
Ta-da! 🎉 🎉 🎉 18.02.26 Update
Security researcher Soatok details serious cryptographic flaws in Matrix’s #Rust library #vodozemac 🔐⚠️ Full analysis: https://soatok.blog/2026/02/17/cryptographic-issues-in-matrixs-rust-library-vodozemac/ #infosec
Krille - Christian K.📣 Call for testing Vodozemac 📣
#FluffyChat
has merged Vodozemac.
If you are interested in help testing it, you can now install the beta version:
renesat#cinny finaly move from #libolm to #vodozemac. This fixed #matrix vulnerable from last year.
Strypey@Forbearance
> An irate blue wolf told me that Matrix was afflicted with a Library of Olms and we shouldn't use it
This person is spreading FUD.
"The CVEs have since been edited post-submission to conflate libolm with the Olm protocol itself. A genuine protocol vulnerability would be much more serious so we are working with MITRE to clarify."
https://matrix.org/blog/2024/08/libolm-deprecation/
libolm has been formally deprecated in favour of a new Olm library.
tichoI kind of started work on C bindings for #vodozemac, the #Matrix #E2EE library. I wonder how far I'll get with it, given my rust is very rusty. :)
Some initial proof of concept code lives at https://codeberg.org/ticho/cvodozemac, that's all I got. :)
HelgeGood morning! It looks like a little bit more rain today, and then it will finally be over. Anyway, it's story time: On how I discovered Proud to Be a Cow by SesameStreet (Youtube link).
It all started out with recent discussions on end to end encryption on the Fediverse and ActivityPub. Given that python-vodozemac implements the olm double ratchet in Python and bovine, it should be easy to build an E2EE prototype for ActivityPub.
Once you start implementing stuff, you realize that doing E2EE requires a lot of state. In particular, if you want to support multiple clients to connect to your ActivityPub Actor, you need to synchronize state.
Luckily, there exists Sesame a long document describing how to solve the above problem. The next question then was if cows could eat sesame (Internet says yes). On the search for the answer, I discovered the video above.
Proud to Be a Cow
Is it a bad idea to hack together end to end encrypted actor to actor messaging with ActivityPub just so one call the resulting activity a Moo? Asking for a 🐄.
CK's Technology News#Audit of #Vodozemac, a native #Rust reference implementation of #Matrix #E2EE
Paper
https://matrix.org/media/Least%20Authority%20-%20Matrix%20vodozemac%20Final%20Audit%20Report.pdf
