MitM Flaw in Bitchat: Identity Is a Bitchat Challenge

supernetworks.org

7 points by spr-alex a year ago · 7 comments

zith a year ago

I guess "don't roll your own crypto" is as valid as ever.

spr-alex (OP) a year ago

bitchat has a trivial MITM flaw with the favorite's identity system. I wrote up my thoughts around vibe coding cryptographic security and rolling a new protocol.

  • NitpickLawyer a year ago

    Are there any tell-tale signs of vibecoding in the code base? Or are we at the point where we're using it as a pejorative for bad code?

    • spr-alex (OP) a year ago

      I am not using it as a pejorative here; I am pretty sure that is the case for this code base, as every block has a comment describing the code that immediately follows.

      Also, I do not doubt Jack's cryptography and encryption understanding, so this particular MitM flaw is almost certainly not what human steering would put together. x25519 APIs make it both easy and simple to do identity persistence correctly; the code simply doesn't use the identity key cryptographically.
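
One way an identity key can be used cryptographically with X25519, as an added example that is not from this thread, the linked write-up, or bitchat's code: the static key pinned when a favorite was added is mixed into the session key, so a responder without the matching private key derives a different key. The function names and the KDF label are hypothetical, and all keys are generated at run time for the demo.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// must panics on error; acceptable for a demo, not for production code.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *ecdh.PrivateKey { return must(ecdh.X25519().GenerateKey(rand.Reader)) }

// mix hashes both DH outputs into the session key (hypothetical KDF label).
func mix(ee, es []byte) [32]byte {
	return sha256.Sum256(append(append([]byte("pinned-identity-demo"), ee...), es...))
}

// initiatorKey is run by the side that pinned the favorite's static key; the
// second DH only matches for a responder holding that static private key.
func initiatorKey(eph *ecdh.PrivateKey, peerEph, pinned *ecdh.PublicKey) [32]byte {
	return mix(must(eph.ECDH(peerEph)), must(eph.ECDH(pinned)))
}

// responderKey is run by whoever answers, with the static key they hold.
func responderKey(eph, static *ecdh.PrivateKey, peerEph *ecdh.PublicKey) [32]byte {
	return mix(must(eph.ECDH(peerEph)), must(static.ECDH(peerEph)))
}

// demo reports whether the real favorite, and a responder with different
// keys, derive the same session key as the initiator.
func demo() (favoriteMatches, otherMatches bool) {
	favStatic, favEph, aEph := newKey(), newKey(), newKey()
	otherStatic, otherEph := newKey(), newKey()
	pinned := favStatic.PublicKey() // stored when the favorite was added
	favoriteMatches = initiatorKey(aEph, favEph.PublicKey(), pinned) ==
		responderKey(favEph, favStatic, aEph.PublicKey())
	otherMatches = initiatorKey(aEph, otherEph.PublicKey(), pinned) ==
		responderKey(otherEph, otherStatic, aEph.PublicKey())
	return
}

func main() { fmt.Println(demo()) }
```

This sketch authenticates only the responder to the initiator; mutual authentication would mix in a third DH against the initiator's static key as well.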

31337Logic a year ago

I'll stick with Briar, thanks.

d00mB0t a year ago

Sounds like a feature and not a bug. 'Secure' but with enough holes for three-letter agencies.
