Comment on X is now offering me end-to-end encrypted chat — you probably shouldn't trust it yet | TechCrunch
FreedomAdvocate@lemmy.net.au 4 weeks agoNo - did you even read the article? An x employee confirmed that they’re using the “special” servers to store the keys that mean that they cannot see them. The author then says that the employee confirming it doesn’t mean they do, because the author doesn’t want it to be true.
Natanael@infosec.pub 4 weeks ago
There are hardware for that called hardware security modules, but yeah I definitely wouldn’t trust Twitter’s implementation - especially because they probably just need the auth team to tell the HSM that the user logged in when they didn’t to get that key
FreedomAdvocate@lemmy.net.au 4 weeks ago
So again, you think you know better than the employee simply because you want it to be done incorrectly.
Natanael@infosec.pub 4 weeks ago
I’ve run a cryptography forum for 10 years. I can tell snake oil from the real deal.
Musk’s Twitter doesn’t know how to do key distribution.
FreedomAdvocate@lemmy.net.au 3 weeks ago
So again - you just don’t want it to be true, and you think the people that know more than you about it are lying.