You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A known vulnerability of most handshakes (like Signal's) which allows the bearer of private keys to impersonate anyone to the original owner of that key. This is a very serious problem.
First: Does Olm have that vulnerability?
I came across this in a very interesting protocol, the 'Secret Handshake' or shs. Github Design Paper
It bring forward an interesting concept: To enable developers to think of private and public keys as access rights. This is a very powerful concept, which is defeated by the KCI vulnerability.
Edit: Fixed mistake. Latin background playing tricks with me.
The text was updated successfully, but these errors were encountered:
A known vulnerability of most handshakes (like Signal's) which allows the bearer of private keys to impersonate anyone to the original owner of that key. This is a very serious problem.
First: Does Olm have that vulnerability?
I came across this in a very interesting protocol, the 'Secret Handshake' or shs.
Github
Design Paper
It bring forward an interesting concept: To enable developers to think of private and public keys as access rights. This is a very powerful concept, which is defeated by the KCI vulnerability.
Edit: Fixed mistake. Latin background playing tricks with me.
The text was updated successfully, but these errors were encountered: