Comments (3)
This would have worked but actually misses a lot of the nice security properties of double ratchet.
The current plan is to implement double ratchet sessions, with sender keys for groups. We'll also be using crypto primitives from libsodium
for symmetric key operations (e.g. kdf, mac, stream encryption), and we'll probably use it for signatures as well (though I'm open to the suggestion of using e.g. falcon
for signing, lattice signature schemes seem less mature than encryption schemes so I'm inclined to stick with EdDSA from libsodium).
from herald.
New message format is actually server metadata + xsalsa20poly1305 encrypted message body.
from herald.
Closing this - we'll be using libsodium primitives, through the bindings provided by sodiumoxide. Implementation is in the chainmail repo, I'll probably give the protocol a more thorough write-up once it's had a few weeks to stabilize.
from herald.
Related Issues (20)
- Bind profile picture and display name for outbound messages to properties in config object
- Add context menus for Copy+Paste in text input
- Use consistent names for similar properties across different models in libherald HOT 3
- Message feature improvement HOT 1
- Fix mobile settings layout & functioning
- Update message send and received status enums
- flurry changes for message-specific expiration
- Make back button return to previous screen on android HOT 2
- Support sending messages without whitespace on Android
- Video attachments on desktop
- User discovery search
- Support sending messages on android without whitespace, *correctly*
- Correct color updates
- gallery view zoom bug, the sequel
- Provide containerized server for easy self hosting HOT 3
- Mobile feature parity
- use +platform dirs and conditional compilation properly HOT 2
- Replace "property var" pattern for libherald types with explicit types HOT 1
- why do we need Zombie/PhantomImports.qml HOT 2
- make conversations use a hashmap + update qml
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from herald.