cross-posted from: https://lemmy.ml/post/93192

It’s not finished or anything, but I want potential vulnerabilities brought to my attention as soon as possible.

  • powerbling@lemmy.ml
    link
    fedilink
    arrow-up
    3
    ·
    3 years ago

    Hi, I was thinking about a similar solution and I thought it could be implemented with a kademila DHT so offline-receiving is implemented since I think this is a dealbreaker for many of the FOS private chats I tried. It still shouldn’t need a central server but I was wondering how can a user restore login credentials after losing them. Maybe with 12-word secret?

    • Yujiri@lemmy.mlOP
      link
      fedilink
      arrow-up
      2
      ·
      3 years ago

      As for recovering a long-term key with a 12-word secret: yeah, we plan to have a feature like that in the future. My friend already implemented that in her own version (which was made a while ago and based on a pretty different idea of what the protocol would be, but it’s not hard to add)

    • Yujiri@lemmy.mlOP
      link
      fedilink
      arrow-up
      2
      ·
      3 years ago

      As for offline receiving: are you suggesting storing messages in a DHT so that the recipient can receive them while you’re offline? That crossed my mind early in planning, but we decided against it because we don’t want to store things on peers that might go down at any time, and I’m not sure how it could work with forward secrecy anyway since every message requires a handshake (well, maybe if we used the axolotl/double rachet thingy, but that’s so much more complicated, I would not trust myself to implement it).

      • powerbling@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        3 years ago

        Yes I was thinking about that dht use and I came across bitTorrent’s implementation of kademlia dht for trackerless torrents. You should look it up! More peers that are logically near the recipient keep the information so it is resistant to actors coming on and going off the dht.