Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://friedcheese.us/objects/773800c8-22f0-455d-ad44-6e2625f8b117">feld (feld@friedcheese.us)'s status on Thursday, 15-May-2025 08:47:19 JST</a><a href="https://friedcheese.us/users/feld" title="feld@friedcheese.us"><img src="https://gnusocial.jp/avatar/274913-48-20241012191855.webp" width="48" height="48" alt="feld" style="position: absolute; left: 0; top: 0;">feld</a><div><a href="https://fosstodon.org/@treefit/114508744612282667" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/105643" title="kaidan@fosstodon.org">Kaidan :xmpp: :kdenew:</a></li><li><a href="https://gnusocial.jp/user/140868" title="treefit@fosstodon.org">treefit</a></li><li><a href="https://gnusocial.jp/user/343366" title="desirable_dialogue@ni.hil.ist">desirable_dialogue</a></li><li><a href="https://gnusocial.jp/user/345482" title="uhuru@snac.el-hoyo.net">uhuru</a></li></ul></div></section><article><a href="https://fosstodon.org/@treefit">@treefit</a> <a href="https://ni.hil.ist/@desirable_dialogue">@desirable_dialogue</a> <a href="https://snac.el-hoyo.net/social/uhuru">@uhuru</a> <a href="https://fosstodon.org/@dino">@dino</a> <a href="https://fosstodon.org/@kaidan">@kaidan</a> <br><br>&gt; <a href="https://friedcheese.us/tag/deltachat" rel="tag">#DeltaChat</a> has no forward secrecy.<br><br>True, but forward secrecy is only useful if you use disappearing messages. Because if your messages don't disappear, they'll just read the chat history right off your confiscated device.<br><br>There is a PFS implementation that has been sketched out and seems solid, but hasn't been tested yet.<br><br>&gt; And depended on SHA-1 and using MD5.<br><br>DeltaChat uses the same ed25519-dalek Rust crate as Signal and relies on AES-128 for the session keys. When the PQC standard is finalized this summer it will roll out PQC crypto and bump to AES-256. The hash is SHA256.<br><br>You could just read the source code instead of making things up or regurgitating PGP information from the late 1990s.<br><br><a href="https://github.com/chatmail/core/blob/47b9bfc8bf807ad099d2211a59d6ba80290b0c95/src/pgp.rs#L28-L31">https://github.com/chatmail/core/blob/47b9bfc8bf807ad099d2211a59d6ba80290b0c95/src/pgp.rs#L28-L31</a></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5054886#notice-9909362">In conversation</a><time datetime="2025-05-15T08:47:19+09:00" title="Thursday, 15-May-2025 08:47:19 JST">about 3 days ago</time> <span>from <span><a href="https://friedcheese.us/objects/773800c8-22f0-455d-ad44-6e2625f8b117" rel="external" title="Sent from friedcheese.us via ActivityPub">friedcheese.us</a></span></span><a href="https://friedcheese.us/objects/773800c8-22f0-455d-ad44-6e2625f8b117">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: repository-images.githubusercontent.com</div><h5><a href="https://github.com/chatmail/core/blob/47b9bfc8bf807ad099d2211a59d6ba80290b0c95/src/pgp.rs#L28-L31">core/src/pgp.rs at 47b9bfc8bf807ad099d2211a59d6ba80290b0c95 · chatmail/core</a></h5><div></div></header><div>Chatmail Rust Core library, used by Android/iOS/desktop apps, bindings and bots 📧  - chatmail/core</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
feld (feld@friedcheese.us)'s status on Thursday, 15-May-2025 08:47:19 JSTfeld
in reply to
@treefit @desirable_dialogue @uhuru @dino @kaidan

> #DeltaChat has no forward secrecy.

True, but forward secrecy is only useful if you use disappearing messages. Because if your messages don't disappear, they'll just read the chat history right off your confiscated device.

There is a PFS implementation that has been sketched out and seems solid, but hasn't been tested yet.

> And depended on SHA-1 and using MD5.

DeltaChat uses the same ed25519-dalek Rust crate as Signal and relies on AES-128 for the session keys. When the PQC standard is finalized this summer it will roll out PQC crypto and bump to AES-256. The hash is SHA256.

You could just read the source code instead of making things up or regurgitating PGP information from the late 1990s.

https://github.com/chatmail/core/blob/47b9bfc8bf807ad099d2211a59d6ba80290b0c95/src/pgp.rs#L28-L31
In conversationabout 3 days ago from friedcheese.uspermalink
Attachments
1. Domain not in remote thumbnail source whitelist: repository-images.githubusercontent.com
  core/src/pgp.rs at 47b9bfc8bf807ad099d2211a59d6ba80290b0c95 · chatmail/core
  Chatmail Rust Core library, used by Android/iOS/desktop apps, bindings and bots 📧 - chatmail/core

Public

Embed Notice

HTML Code

Corresponding Notice