jdev - 2021-04-20

  1. defanor

    Sometimes I wonder whether basic symmetric encryption with manually managed keys may be a good fit for E2EE in instant messaging. The asymmetric ones aren't used to establish trust chains anyway, so the disadvantage I see is just the need for confidentiality in addition to integrity/authentication for key exchange/verification, but I think in practice much of the time one has either neither or both. While among the advantages are

  2. defanor

    simplicity, plausible deniability, and elimination of the more paranoid concerns. And it can be used both by itself or as a part of more complex protocols with automated session key establishment, relying on asymmetric cryptography. Were there any attempts to use it that way, and/or am I missing other notable disadvantages?

  3. Ge0rG

    defanor: https://op-co.de/tmp/SEX.html 😁

  4. defanor

    Ge0rG, that appears to rely on asymmetric/public-key cryptography, but thanks for the link, I haven't seen it before.

  5. Ge0rG

    ah right, looking for symmetric crypto. Not sure if it is a good idea over lean asymmetric with static per-user keys

  6. Ge0rG

    because you'd need N² keys instead of N keys

  7. defanor

    That's for the whole system, but each user individually would need the same number of keys (matching the number of contacts).

  8. Ge0rG

    When you use your app's Android package name as a XEP namespace, and people end up forking and search&replacing everything. 11142 eu.siacs.conversations.axolotl.devicelist 877 eu.siacs.xmpp_messenger.axolotl.devicelist 170 com.KDJStudios.XMPPJabberClient.axolotl.devicelist 147 eu.siacs.storizima.axolotl.devicelist 106 com.yaari.storizim.axolotl.devicelist 103 mob.titecs.cackle.axolotl.devicelist 10 com.kwikchat.app.axolotl.devicelist 7 de.nxmedia.app.android.c0nnect.axolotl.devicelist 5 com.securedsoftware.vaultim.axolotl.devicelist 4 com.a3india.conversations.axolotl.devicelist 3 lu.pgd.conversations.axolotl.devicelist 3 chat.conab.gov.br.axolotl.devicelist 2 xyz.glidermessenger.glider.axolotl.devicelist 2 de.tengu.chat.axolotl.devicelist 1 com.onionsearchengine.onionmessenger.axolotl.devicelist

  9. Ge0rG

    will the fork developers please stand up? *please stand up!*

  10. Sam

    Damn it; and now that's going to be stuck in my head all damn day.

  11. pulkomandy

    Always rot13 your xml namespaces to avoid accidental search and replaces?

  12. Ge0rG

    why not base64 it?

  13. Ge0rG

    or just use UUIDs

  14. jubalh

    I'm for base64 too

  15. edhelas

    🙄

  16. Ge0rG

    base64(hmac(uuid, session_id))

  17. Sam

    Office Hours starting in 10 minutes! https://socialcoop.meet.coop/sam-pku-dud-niv

  18. edhelas

    do you guys know some projects that send the MDP current playing song to PEP User Tune ?

  19. lovetox

    DMP?

  20. lovetox

    MDP?

  21. edhelas

    *MPD

  22. lovetox

    ok still dont know what that means

  23. lovetox

    Gajim can send the current tune to pep

  24. lovetox

    if you have a player with MPRIS plugin

  25. edhelas

    https://www.musicpd.org/

  26. lovetox

    or support

  27. lovetox

    em, ok its a application that runs on a server and plays music there

  28. lovetox

    and i can stream it or how can i listen to the music?

  29. edhelas

    yup :)

  30. edhelas

    so I was looking for a little daemon that can hook to it and publish the current tune to a configured JID

  31. edhelas

    should not be that difficult to write, but maybe there was already an existing script somewhere

  32. lovetox

    can a website access dbus?

  33. lovetox

    if your player has mpris support, and a website can access dbus, then you could get the current playing song via that

  34. lovetox

    i mean a client like movim could get it then

  35. lovetox

    but i guess websites can’t access dbus

  36. moparisthebest

    New from Google: WebDBUS

  37. edhelas

    time to do DBUS over XMPP

  38. moparisthebest

    Dbox