-
defanor
Sometimes I wonder whether basic symmetric encryption with manually managed keys may be a good fit for E2EE in instant messaging. The asymmetric ones aren't used to establish trust chains anyway, so the disadvantage I see is just the need for confidentiality in addition to integrity/authentication for key exchange/verification, but I think in practice much of the time one has either neither or both. While among the advantages are
-
defanor
simplicity, plausible deniability, and elimination of the more paranoid concerns. And it can be used both by itself or as a part of more complex protocols with automated session key establishment, relying on asymmetric cryptography. Were there any attempts to use it that way, and/or am I missing other notable disadvantages?
-
Ge0rG
defanor: https://op-co.de/tmp/SEX.html 😁
-
defanor
Ge0rG, that appears to rely on asymmetric/public-key cryptography, but thanks for the link, I haven't seen it before.
-
Ge0rG
ah right, looking for symmetric crypto. Not sure if it is a good idea over lean asymmetric with static per-user keys
-
Ge0rG
because you'd need N² keys instead of N keys
-
defanor
That's for the whole system, but each user individually would need the same number of keys (matching the number of contacts).
-
Ge0rG
When you use your app's Android package name as a XEP namespace, and people end up forking and search&replacing everything. 11142 eu.siacs.conversations.axolotl.devicelist 877 eu.siacs.xmpp_messenger.axolotl.devicelist 170 com.KDJStudios.XMPPJabberClient.axolotl.devicelist 147 eu.siacs.storizima.axolotl.devicelist 106 com.yaari.storizim.axolotl.devicelist 103 mob.titecs.cackle.axolotl.devicelist 10 com.kwikchat.app.axolotl.devicelist 7 de.nxmedia.app.android.c0nnect.axolotl.devicelist 5 com.securedsoftware.vaultim.axolotl.devicelist 4 com.a3india.conversations.axolotl.devicelist 3 lu.pgd.conversations.axolotl.devicelist 3 chat.conab.gov.br.axolotl.devicelist 2 xyz.glidermessenger.glider.axolotl.devicelist 2 de.tengu.chat.axolotl.devicelist 1 com.onionsearchengine.onionmessenger.axolotl.devicelist
-
Ge0rG
will the fork developers please stand up? *please stand up!*
-
Sam
Damn it; and now that's going to be stuck in my head all damn day.
-
pulkomandy
Always rot13 your xml namespaces to avoid accidental search and replaces?
-
Ge0rG
why not base64 it?
-
Ge0rG
or just use UUIDs
-
jubalh
I'm for base64 too
-
edhelas
🙄
-
Ge0rG
base64(hmac(uuid, session_id))
-
Sam
Office Hours starting in 10 minutes! https://socialcoop.meet.coop/sam-pku-dud-niv
-
edhelas
do you guys know some projects that send the MDP current playing song to PEP User Tune ?
-
lovetox
DMP?✎ -
lovetox
MDP? ✏
-
edhelas
*MPD
-
lovetox
ok still dont know what that means
-
lovetox
Gajim can send the current tune to pep
-
lovetox
if you have a player with MPRIS plugin
-
edhelas
https://www.musicpd.org/
-
lovetox
or support
-
lovetox
em, ok its a application that runs on a server and plays music there
-
lovetox
and i can stream it or how can i listen to the music?
-
edhelas
yup :)
-
edhelas
so I was looking for a little daemon that can hook to it and publish the current tune to a configured JID
-
edhelas
should not be that difficult to write, but maybe there was already an existing script somewhere
-
lovetox
can a website access dbus?
-
lovetox
if your player has mpris support, and a website can access dbus, then you could get the current playing song via that
-
lovetox
i mean a client like movim could get it then
-
lovetox
but i guess websites can’t access dbus
-
moparisthebest
New from Google: WebDBUS
-
edhelas
time to do DBUS over XMPP
-
moparisthebest
Dbox