Soatok DreamseekerFeb 20

I've had a few people ask why I didn't post the full Matrix email on my Fedi thread. There are two reasons:

  • It wouldn't fit in 1k characters.
  • Listen carefully:

    • Y'know how "just getting caught cheating on your monogamous partner" isn't the right time to discuss exploring ethical nonmonogamy?

    In a similar vein, asking for information while dismissing a report as "no practical security impact" is still dismissing the goddamn report.

    I excerpted the part of their email where they dismissed my report. That was the part that initiated the immediate disclosure. The inciting turn of phrase.

    It doesn't matter how much you piss on my leg, I'm not going to believe it's raining.

    Show threadSoatok DreamseekerFeb 20

    Matrix has many incentives to lie or mislead. Their leadership includes the CEO of a company whose product is a Matrix client. There's active political talks about the EU investing heavily in Matrix. He's got a vested interest in looking good, even at the expense of doing or even being good.

    On the other hand, I have nothing to gain. If everyone switches to Matrix tomorrow, nothing in my life changes. If Matrix self-implodes and everyone goes back to XMPP tomorrow, nothing in my lfie changes.

    The only things I want are:

  • End-to-end encryption to be better.
  • End-to-end encryption to become ubiquitous for communication protocols and apps.
  • The large tech companies whose business models involve privacy violations and stealing from artists and other creative workers to burn down so gloriously that society forgets the word "billionaire" in twenty years.
    • Show threadSoatok DreamseekerFeb 20

    But what about "don't make perfect the enemy of good"?

    If your cryptography isn't damn near-perfect, it's shit. There aren't many cryptographic solutions that get a C+ in the world. It's either an A, A-, or an F.

    Show threadSoatok DreamseekerFeb 20

    An F in cryptography is aes-js / pyaes, as this Trail of Bits blog by Opal Wright explains:

    Mistakes in cryptography are not a sin, even if they can have a serious impact. They’re simply a fact of life. As somebody once said, “cryptography is nightmare magic math that cares what color pen you use.” We’re all going to get stuff wrong if we stick around long enough to do something interesting, and there’s no reason to deride somebody for making a mistake.

    What matters—what separates carelessness from craftsmanship—is the response to a mistake. A careless developer will write off a mistake as no big deal or insist that it isn’t really a problem—yadda, yadda, yadda. A craftsman will respond by fixing what’s broken, examining their tools and processes, and doing what they can to prevent it from happening again.

    Does this sound familiar?

    Carelessness versus craftsmanship in cryptography

    Two popular AES libraries (aes-js and pyaes) provide dangerous default IVs that lead to key/IV reuse vulnerabilities affecting thousands of projects. One maintainer dismissed the issue, while strongSwan’s maintainer exemplified proper security response by comprehensively fixing the vulnerability in their VPN management tool.

    The Trail of Bits Blog
    Show threadSoatok DreamseekerFeb 20

    Now, am I saying that they're lying or deliberately misleading?

    No. I'm describing the incentives they're operating under!

    This could be entirely subconscious or even unconscious decisionmaking and/or behavior for all I know.

    But it's really suspicious to insist that the specific attack I keep describing is handwaved as "outside our threat model" when their public threat model is so frustratingly incomplete that it might as well just say Cryptography: Vibes.

    I mean, look at it: https://spec.matrix.org/v1.17/appendices/#security-threat-model

    Appendices

    Unpadded Base64 Unpadded Base64 refers to ‘standard’ Base64 encoding as defined in RFC 4648, without “=” padding. Specifically, where RFC 4648 requires that encoded data be padded to a multiple of four characters using = characters, unpadded Base64 omits this padding. For reference, RFC 4648 uses the following alphabet for Base 64: Value Encoding Value Encoding Value Encoding Value Encoding 0 A 17 R 34 i 51 z 1 B 18 S 35 j 52 0 2 C 19 T 36 k 53 1 3 D 20 U 37 l 54 2 4 E 21 V 38 m 55 3 5 F 22 W 39 n 56 4 6 G 23 X 40 o 57 5 7 H 24 Y 41 p 58 6 8 I 25 Z 42 q 59 7 9 J 26 a 43 r 60 8 10 K 27 b 44 s 61 9 11 L 28 c 45 t 62 + 12 M 29 d 46 u 63 / 13 N 30 e 47 v 14 O 31 f 48 w 15 P 32 g 49 x 16 Q 33 h 50 y Examples of strings encoded using unpadded Base64:

    Matrix Specification
    Show threadSoatok DreamseekerFeb 20

    You wanna see a fucking threat model?

    Here: https://github.com/fedi-e2ee/public-key-directory-specification/blob/main/Specification.md#threat-model

    And this is for an ActivityPub service that just stores data in immutable plaintext and serves it over HTTPS!

    public-key-directory-specification/Specification.md at main · fedi-e2ee/public-key-directory-specification

    Specification for a Fediverse Directory Server for Public Keys - fedi-e2ee/public-key-directory-specification

    GitHub
    Show threadclang-enbyFeb 20

    @soatok

    I mean the thread model for fucking is pretty simple, it's literally just STDs

    Show threadCurioFeb 21

    @sudo200
    If you took sex threat modeling seriously though, there’d also be various forms of abuse, overwhelming the partners, various possible forms of physical and mental injuries, the mentioned risk of involuntary procreation, ... to consider and suddenly your back at having cryptography level threat modeling over sex again.

    It’s not cryptographers overthinking this, it’s everyone underthinking it for sanity reasons. I mean visiting a BDSM workshop on “consent” is like a multi-hour threat modeling appreciation session.  
    @soatok

    Show threadSoatok Dreamseeker
    @curiousicae @sudo200 Kink workshops are serious work
    Feb 21 at 3:09amWeb
    Show threadCurioFeb 21

    @soatok
    Absolutely, something about dealing with up-front costs, thinking about what can go wrong and being prepared to handle bad situations as they inevitably sometimes arise anyways, so that you can reap great rewards afterwards.

    ... this was a post entirely and only about sex.   
    @sudo200