Title.

I’ve used it before, but I’m not really sure how I feel about it. Would you use it on a day-to-day basis?

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    5 months ago

    https://getsession.org/session-protocol-technical-information

    Nope. Whenever anybody ask them, they refer to this and close the ticket

    I find their technical rationale, while welcome, a lot of hand waving to say they couldn’t figure out how to implement it, but it was not important because it’s not a big threat, because if somebody has the device they can get all the messages on the device anyway…

    Losing perfect forward secrecy for “simpler code” is a strong design choice they made. I respect them for documenting this, I wish them the best of success, but that’s not a trade-off I’m willing to make for no benefit