Comment

Comment on X is now offering me end-to-end encrypted chat — you probably shouldn't trust it yet | TechCrunch

<- View Parent

Natanael@infosec.pub ⁨1⁩ ⁨day⁩ ago

If you can’t demonstrate that you know more about cryptography then me, it’s time for you to admit you’re wrong

source

Sort:hotnew top

FreedomAdvocate@lemmy.net.au ⁨1⁩ ⁨day⁩ ago
You said this

There are hardware for that called hardware security modules, but yeah I definitely wouldn’t trust Twitter’s implementation - especially because they probably just need the auth team to tell the HSM that the user logged in when they didn’t to get that key

So again - you’re just hoping that they’ve done it wrong, based on nothing other than you wanting them to have done it wrong. They’ve told you they did, but you don’t believe them based on…nothing…nothing whatsoever…other than your hatred.

Feel free to tell me how your knowledge of cryptography proves that it’s done incorrectly though. Please.

source
- Natanael@infosec.pub ⁨1⁩ ⁨day⁩ ago
  This is incoherent bullshit.
  
  You’re choosing to pretend it’s nothing so you can dismiss legitimate criticism.
  
  An engineer hearing about some novice trying to build a plane using difficult methods that only one or two companies with immense expertise has succeeded at would be correct to assume that plane would be unsafe.
  
  A doctor hearing about a tiny clinic attempting treatments that only big medical research facilities have pulled off are correct to assume they’re charlatans.
  
  A cryptographer hearing about somebody attempting to build E2EE using methods that very few are capable of implementing correctly and without having the expertise on hand are correct to call that snakeoil.
  
  Cryptography is INFAMOUSLY complex. E2EE is infamously difficult to make easy.
  
  There’s a reason almost everybody copies Signal’s protocol, and that everybody else who does it in-house keeps having vulnerabilities.
  
  Multi user key management specifically is wildly complex.
  
  Twitter/X has only displayed signs of LACKING the necessary expertise.
  
  To pretend that’s wishful thinking from me just reveals how little you care about expertise.
  
  source
  - FreedomAdvocate@lemmy.net.au ⁨1⁩ ⁨day⁩ ago
    You have seen nothing to say that they aren’t doing it correctly, or that the employee who confirmed that they are doing it correctly lied.
    
    You’re literally just full of copium and hopium because you hate Elon.
    
    source
    Natanael@infosec.pub ⁨1⁩ ⁨day⁩ ago
    Again, you sound like an antivaxxer, and you’re ignoring his history of failure, including SPECIFICALLY FAILING AT ENCRYPTED DM BEFORE
    
    theverge.com/…/twitter-encrypted-dm-security-vuln…
    
    You’re questioning experts with absolutely no justification other than your own animosity, assuming the experts too are driven by animosity instead of true concerns
    
    source
    -> View More Comments