Soatok Dreamseeker on Nostr: nprofile1q…kgykp I’ve read the post about KCI, but it seems like it wouldn’t ...
nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq3385x9zu5czskpud40ukzc2m0hhjr9f0kckk79uq293qxty78vrsckgykp (nprofile…gykp)
I’ve read the post about KCI, but it seems like it wouldn’t apply if they didn’t screw up their message signing (because identity would be validated via Ed25519 anyway)?
The KCI problem has more to do with, if I manage to guess a single key at random (e.g., the Debian weak keys bug or something like that happened), I can only intercept one handshake, not all past and future handshakes.
The Ed25519 thing is totally separate, and just shows a poor understanding of cryptography protocols on the part of the Session devs.
I’ve read the post about KCI, but it seems like it wouldn’t apply if they didn’t screw up their message signing (because identity would be validated via Ed25519 anyway)?
The KCI problem has more to do with, if I manage to guess a single key at random (e.g., the Debian weak keys bug or something like that happened), I can only intercept one handshake, not all past and future handshakes.
The Ed25519 thing is totally separate, and just shows a poor understanding of cryptography protocols on the part of the Session devs.