6
submitted 5 months ago by hetzlemmingsworld to c/session@lemmy.ml

There was a security audit https://getsession.org/session-code-audit that result in this: "The overall security level of this application is good and makes it usable for privacy-concerned people."

you are viewing a single comment's thread
view the rest of the comments
[-] hetzlemmingsworld 1 points 5 months ago

what makes you say that?

I have read it at https://www.securemessagingapps.com

lack of forward secrecy

Oxen people argument: "under typical circumstances, the only way long term keys can be compromised is through full physical device access — in which case an attacker could simply pull the already-decrypted messages from the local database. As is often said in the infosec community, physical access is total access" source: https://getsession.org/blog/session-protocol-explained

They are also saying "We will be looking at making it easier to rotate accounts as a whole" source: https://github.com/oxen-io/session-desktop/issues/2338

[-] cypherpunks@lemmy.ml 1 points 5 months ago* (last edited 5 months ago)

and logs timestamps/IP addresses

what makes you say that?

I have read it at https://www.securemessagingapps.com

That website has a lot of things wrong, and provides no citations for most of its claims: it just says "Yes" or "No" about most things.

SimpleX says they don't log IP addresses, and their claim is at least as credible as anyone else's. I suspect the securemessagingapps web page gave them a "No" in that column because SimpleX is refreshingly honest in their threat model and privacy policy, and thus mentions that even though they don't log IPs their hosting provider (or the hosting provider of other SimpleX servers - you don't have to use one of theirs) could be. They currently recommend using Tor to mitigate this problem.

Oxen people argument: “under typical circumstances, the only way long term keys can be compromised is through full physical device access — in which case an attacker could simply pull the already-decrypted messages from the local database.

Most chat apps allow you to delete old messages, both on an individual message basis and automatically after some period of time. Does Session not?

As is often said in the infosec community, physical access is total access”

Who would say that, except someone trying to excuse their protocol's lack of forward secrecy?

There is no reason why physical access to a device should mean total access to messages that were deleted previously; all serious secure messaging protocols today use forward secrecy to limit the impact of device compromise.

Furthermore, most modern (eg, designed in the last decade or so) protocols also provide post-compromise security (aka "backward secrecy", "future secrecy", or "self-healing") to introduce new entropy into their ratchets such that when a device is temporarily compromised (as is actually very often the case in real-world attacks on mobile operating systems) the key material which an attacker can exfiltrate doesn't allow them to decrypt future messages which are sent later after the device is uncompromised (eg, rebooted).

this post was submitted on 08 Jun 2024
6 points (87.5% liked)

Session

77 readers
1 users here now

A sublemmy for discussing session, getsession.org, an opensource decentralized chat application.

founded 2 years ago
MODERATORS