MitM Flaw in Bitchat: Identity Is a Bitchat Challenge

supernetworks.org

7 points by spr-alex 10 months ago · 7 comments

zith 10 months ago

I guess "don't roll your own crypto" is as valid as ever.

spr-alex (OP) 10 months ago

bitchat has a trivial MITM flaw with the favorite's identity system. i wrote up my thoughts around vibe coding cryptographic security and rolling a new protocol

  • NitpickLawyer 10 months ago

    Are there any tell-tale signs of vibecoding in the code base? Or are we at the point where we're using it as a pejorative for bad code?

    • spr-alex (OP) 10 months ago

      i am not using it as a pejorative here, I am pretty sure that is the case for this code base, as every block has a comment describing the code that immediately follows

      also i do not doubt jack's cryptography and encryption understanding, so this particular MitM flaw is almost certainly not what human steering would put together. x25519 APIs make it both easy and simple to do identity persistence correctly, the code simply doesn't use the identity key cryptographically.

31337Logic 10 months ago

I'll stick with Briar, thanks.

d00mB0t 10 months ago

Sounds like a feature and not a bug. 'Secure' but with enough holes for three letter agencies.
