End to End Encryption SIG - 2026-02-12

  1. muckle

    Is this an active channel

  2. franco

    wish it was, but doesn't seem so 🤔

  3. moparisthebest

    everyone waits for you to leave to talk

    😭 1😂 1
  4. muckle

    Sad but true

  5. muckle

    Has anyone managed to develop a working OTRv4 coded in python

  6. muckle

    I have been vide coding for over a year trying to get to working managed to get aes255gcm encryption+dh double ratchet+DAKE12&3+trust fingerprint however SMP won't run

  7. muckle

    256 bit encryption later compared to signal + WhatsApps 128

  8. muckle

    Works from any terminal, basic IRC i like to run it over tor / i2p

  9. moparisthebest

    OTR is a non-starter for modern XMPP where we use multiple devices and might not be online all the time

  10. muckle

    Pretty secure with memory wiping on close. (All chat history stores in memory never written to disk

  11. muckle

    Yes the otrv4 docs say I should create a tor/i2p relay sever to keys to be exchanged and messages retrieved

  12. muckle

    Haven't got that far yet still working on SMP

  13. muckle

    Xmpp mainly uses OMEMO

  14. muckle

    ?

  15. franco

    yes. and OMEMO is a Signal Protocol implementation

  16. muckle

    Yeah everyone seems to rely on this OMEMO hope there isn't a backdoor 👀

  17. franco

    It's been around for a while and the code is published, so I'd think someone would have noticed by now, if that was the case 🤔

  18. franco

    > Xmpp mainly uses OMEMO most clients implement an older version of the OMEMO XEP for now, tho: https://xmpp.org/extensions/#xep-0384-implementations

  19. moparisthebest

    it's also been audited

  20. muckle

    Otrv3 is still used with known cve

  21. muckle

    Maybe the case with omemo

  22. moparisthebest

    maybe the sky is red and water is dry and this is all a simulation

  23. muckle

    quick note on Conversations 2.19.10 (the latest one right now in Feb 2026) – it's still running the old-school OMEMO setup (the classic one with eu.siacs.conversations.axolotl namespace, basically XEP-0384 around 0.3.0 era using AES-128-GCM). That version doesn't have stuff like key commitment, so it's theoretically vulnerable to things like Invisible Salamanders attacks in tricky multi-device setups. The newer spec (up to 0.9.0 now) switched to urn:xmpp:omemo:2 with better AES-256 + HMAC and other fixes, but Conversations hasn't made the jump yet – still sticking with the legacy impl for compat reasons I guess. Encryption's still decent for normal chatting (forward secrecy, deniability, offline msgs all work), no big public exploits out there rn, but if you're paranoid/high-threat, it carries extra risks from outdated crypto bits and old library deps (like ancient BouncyCastle in some spots). You can peek at your chat's lock icon to see the fingerprints/version hints. Maybe worth keeping an eye on updates or checking other clients that do OMEMO:2 if your contacts support it. Or just fall back to Signal.