Replying to Avatar ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ

i'm not sure you understand the function of encryption nonces, they ensure that for every message the secret is effectively a new one... there is zero chance of a plaintext attack in this, so long as the quality of the entropy of the nonce is adequate

i agree that there should be padding but i don't think it should be the stupid "pad out to next power of 2" of nip-44 is retarded

it should just be a random amount extra and you just put a zero byte at the end of the actual string and fill the rest with garbage... i've written what i think is an adequate message length obfuscation method on indra

so, yeah, no, there is zero risk of a plaintext attack even if people keep saying "hi" over and over again in their messages

the nip-44 scheme is seriously wasteful of data size with its power of two scheme, and doesn't really help anything, and it doesn't matter if the padding is noise or spaces because it's already obscured by the combination of the shared secret combined with the nonce

auth and not letting users see other people's messages solves way more problems than this retarded complicated nip-44 scheme, that is also wasteful of data size
Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

this is why i'm so mad about people not understanding the point of nip-42 and it's centrally about the fucking DM privacy!!!!

plaintext attacks are not a real threat

not being able to read your own messages is a real threat to usability

verifying that relays are properly gating access to DMs is easy and cheap and is easy to stop any attempts to game this and appear that you are not giving them away

yes, relays have privilege to see them of course, but this is far better than opening up the whole world to see it

nip-44 is not solving any real problems for DMs compared to having auth

Reply to this note

Please Login to reply.

Discussion

Avatar
Vitor Pamplona 1y ago

Most people are not using authed relays for DMs. And likely they never will. The DM solution we made was explicitly designed for that in mind.

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

you are never going to solve this problem while you let stupid people building shitty clients (and not you, or hzrd or hodlbod, you all have implemented auth) you can't protect users from bad shit without at least providing your own system with teh right best practices implementation

if you let other people's bad designs impact your engineering decisions and in doing so reduce the security of your users, that's on you, you can't palm that off to the dumbasses who don't do it right... clear up your understanding of what you CAN do and stop talking about difficult problems that are much harder puzzles