jdev - 2022-04-05

  248. Nils

    Hey there, I have some questions for anybody who can help. I'm having a really hard time figuring out how to have E2EE voice and video calls in XMPP. (If this is not the place to discuss such things, let me know, as I have just joined the group.) Anytime you have a call, is it just transport layer encryption or is end to end encryption baked into the base XEP that allows for calls? Or is the "XEP-0320: Use of DTLS-SRTP in Jingle Sessions" needed? Or is this XEP being implemented? "Verify encrypted A/V calls with OMEMO" https://gist.github.com/iNPUTmice/aa4fc0aeea6ce5fb0e0fe04baca842cd Also how does ZRTP factor into this? I have only found one client (ATalk on F-Droid) that explicitly states supporting ZRTP and only one (Conversations) that supports SRTP. My understanding is that these two protocols provide E2EE, not just transport layer. Is this correct? What is the advantage of ZRTP over SRTP? And is there any XMPP iOS client that supports any kind of end to end encryption for calls? I have not seen one, at least with clear documentation of that. I also do not see much clear documentation of which XEPs are implemented on servers that relate to a/v calls. Any information would be helpful, especially from those with links to documentation, sources of information, or server admins.

  254. MattJ

    Have you seen https://gist.github.com/iNPUTmice/a28c438d9bbf3f4a3d4c663ffaa224d9#notes-for-developers too?

  255. MattJ

    Not the standard, but it explains how they all fit together in an implementation

  256. MattJ

    Servers do nothing more than XEP-0215

  257. MattJ

    As for iOS, yes: Siskin supports encrypted calls

  353. lovetox

    when a server offers scram1, 256, 512

  354. lovetox

    is it his job to have the password hash for all of them?

  355. lovetox

    meaning if the server had previously only 1 and 256, he can just add 512

  356. lovetox

    because he does not have the hash for 512

  357. Sam

    You wouldn't be able to just add 512 if you don't have the hash; there is no good upgrade mechanism for scram

  358. lovetox

    Sam, believe me, people definitely would

  359. lovetox

    because they have no clue what it is

  360. lovetox

    but that's my point, it's not my problem as a client dev

  361. lovetox

    because someone bugged me about adding 512

  362. Sam

    oh, I'm sorry, I thought you were asking, maybe I'm missing context.

  363. lovetox

    and that means gajim now chooses 512 if available

  364. Sam

    512 isn't even a standardized thing yet, hopefully nothing changes before/if it ever becomes a standard

  367. lovetox

    yes i know, but the one guy we all know about bugged all projects about it

  368. lovetox

    so they started adding it

  369. qy

    Neustradamus bugged everyone with a client, i think safe to ignore

  370. Sam

    Yes, I blocked him and didn't add it for that reason :)

  371. lovetox

    then users installed servers, without knowing what they did and activated it everywhere

  372. Sam

    Anyways, it's not likely to change, I'd just be worried that the working group would decide to add an upgrade mechanism or something then it would be incompatible with all the already deployed made up versions

  373. Sam

    But it will probably be okay.

  374. lovetox

    server manuals should put a big red sign on that setting

  375. lovetox

    describing in detail what it does to users

  376. lovetox

    like default is SCRAM-1

  377. lovetox

    and then a big red warning, don't activate anything else except you know what you are doing

  379. Sam

    Yah, probably so

  380. Zash

    did we even document that?

  382. lovetox

    but there is an upgrade mechanism that comes to mind

  384. lovetox

    switch the server to PLAIN, receive the pass, simulate the client hashing it and find the hash, afterwards rehash?

  385. Sam

    That will be seen as a downgrade attack by some clients

  386. Sam

    (Conversations in particular pins the mechanism and won't allow downgrade to an insecure one)

  387. lovetox

    but that's easily solved

  388. lovetox

    user deletes acc from C and readds it

  389. lovetox

    but yeah that's bothersome

  390. Sam

    That seems like extremely bad UX for the user

  391. lovetox

    then the user can just change the pass :D

  392. Sam

    Yah, forcing a password reset is annoying but is one way

  393. Sam

    (assuming they have a client that can do that)

  395. lovetox

    but i can still get around C

  396. lovetox

    ah no

  401. lovetox

    it just will not send the pass damn

  402. Zash

    SASL2? SASL2!

  405. Sam

    Honestly, while I do encourage the support for SCRAM which has applications where it's extremely useful, for general chat servers I'd just only allow PLAIN. It's probably safer against the kinds of real attacks that matter just because it's got hash agility, which is an *extremely* important property to have.

  407. Sam

    [citation needed]

  408. Zash

    feels bad man

  425. Link Mauve

    Sam, storing passwords in plain text is a really bad idea in my book.

  426. Link Mauve

    And if you store them hashed and do the PLAIN → SCRAM dance on the server it’ll take a huge lot of CPU power.

  427. lovetox

    yeah and there is no benefit or?

  428. lovetox

    you can just store them hashed

  429. Link Mauve

    But then you can only upgrade them on connection, which might not happen in a decade (or ever) for some users.

  430. lovetox

    ok, after a decade, i return an error text that says: you didn't log in for a decade, call me if you want your acc back

  443. Sam

    Link Mauve: Obviously you should not store passwords in plain text, you should hash them. PLAIN says nothing about how it's stored.

  444. Sam

    It's not perfect, it's better than SCRAM. Most of the time hashes aren't broken completely right away, instead you get things like SHA-1 showing weaknesses for a while. At that point you can start the upgrade process for users as they log in. Eventually if it is broken entirely, then you issue a password reset email or whatever to any remaining users and disable the old hashes.

  447. Link Mauve

    (Not a reply to you, but) SHA-1 being broken means nothing to SCRAM-SHA-1, which is still perfectly fine.

  448. Link Mauve

    It’s a common misconception though, which might have prompted Neustradamus to go on his crusade.

  450. Sam

    Oh yah, definitely, sorry, bad example

  451. Link Mauve

    Sam, we don’t have any mechanism for prompting a password reset atm, if we don’t know the email of a specific user they just get locked out. :(

  452. Sam

    Yah, that's also a huge problem

  463. MattJ

    It's something I'll be working on this year

  464. Sam

    Extensible IBR was originally going to cover this sort of thing, but I never saw much interest in adoption so maybe something else is needed that's simpler

  469. Kev

    Didn't Dave's SASL2 stuff cover this? Or was that only in principle?

  470. MattJ

    It does, I'm planning to implement it

  471. Zash

    Someone with motivation and free time really ought to look at {IBR,SASL,BIND}2 :tm:

  473. Kev

    You have no idea how much I want to have the time (and/or one of the team's time) to properly look at stream startup things.

  474. Nils

    MattJ: Thank you, just read that Github page. So if I understand you right, servers implement XEP-0215 and SRTP encryption is handled on the client side? Is there a way to know if a specific call I'm having is encrypted with SRTP? I know ATalk does this but I would love to see it in Conversations or Blabber.im. And where did you find out that Siskin supports encrypted calls? Do you have a link? Thanks so much for the info.

  475. MattJ

    Conversations only supports encrypted calls, so anything that can successfully call with Conversations is using encryption

  476. Zash

    I think Dino might have a thing showing some encryption details?

  477. MattJ

    I guess that's also why Conversations doesn't show encryption status - there is only one possibility :)

  478. Zash

    Can't you do calls without OMEMO then?

  479. MattJ

    Yes, the call encryption is unrelated to OMEMO, it uses temporary keys

  482. MattJ

    So I mean, "no, you can do calls without OMEMO"

  485. Link Mauve

    Conversations also created a mechanism for reusing an OMEMO session to validate the DTLS-SRTP key exchange IIRC.

  486. MattJ

    If you have an OMEMO session with the contact, it also signs them via that so they can be verified

  487. Link Mauve

    Right, that.

  491. Zash

    Where things (ZRTP things?) might show some fingerprints for manual verification otherwise

  539. Nils

    Okay, that's really good to know. Do you know if Blabber.im, as it is a fork of Conversations, does the same forcing encryption thing? And just to be sure, you are talking about E2EE calls, right?
