Dan Goodin /
npub1yyl…6r3v
2025-01-15 17:31:13

Dan Goodin on Nostr: A fork of the Signal Messenger known as Sessions has omitted several important ...

A fork of the Signal Messenger known as Sessions has omitted several important security properties found in the original source code, making it a less secure alternative, a researcher says. The deficiencies include:

-- no forward secrecy
-- insufficient Entropy in Ed25519 Keys
-- no in-Band Negotiation for Message Signatures
-- using Public Keys as AES-GCM Keys

Stay away from this offering unless you really, really, really know what you're doing:

https://soatok.blog/2025/01/14/dont-use-session-signal-fork/
Author Public Key
npub1yyl6ktycvjymch9hyzq5yqphj89kalfqmtswcjpjmp7s67ms6g9sdp6r3v