stf on Nostr: huh #trailofbits did an audit of #simplex - only the "protocol spec" ...
huh #trailofbits did an audit of #simplex - only the "protocol spec" https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SimpleX_Design_Review_2024_Summary_Report_12_08_2024.pdf
quite limited scope. and last time i looked at the spec i lost my appetite, but apparently there have been updates, like addition of sntrup pq kem. so maybe this has improved? still wouldn't use it the supply chain attack surface is begging for a "soon" not an "if". and the global transcript of group chats was out of scope in this audit. so, meh?
quite limited scope. and last time i looked at the spec i lost my appetite, but apparently there have been updates, like addition of sntrup pq kem. so maybe this has improved? still wouldn't use it the supply chain attack surface is begging for a "soon" not an "if". and the global transcript of group chats was out of scope in this audit. so, meh?