Don’t Use Session (Signal Fork) - Dhole Moments
soatok.blog
Last year, I outlined the specific requirements that an app needs to have in order for me to consider it a Signal competitor. Afterwards, I had several people ask me what I think of a Signal fork c…

Last year, I outlined the specific requirements that an app needs to have in order for me to consider it a Signal competitor.

Afterwards, I had several people ask me what I think of a Signal fork called Session. My answer then is the same thing I’ll say today:

Don’t use Session.

  • @peregusEnglish
    02 hours ago

    Ops. However a small TL;DR would be useful instead of just copying/pasting links.

    • Soatok DreamseekerEnglish
      158 minutes ago

      TL;DR from oss-security:

      At a glance, what I found is the following:

      1. Session only uses 128 bits of entropy for Ed25519 keys. This means their ECDLP is at most 64 bits, which is pretty reasonably in the realm of possibility for nation state attackers to exploit.
      2. Session has an Ed25519 verification algorithm that verifies a signature for a message against a public key provided by the message. This is amateur hour.
      3. Session uses an X25519 public key as the symmetric key for AES-GCM as part of their encryption for onion routing.

      Additional gripes about their source code were also included in the blog post.