Avatar
calle 5mo ago

💥 finally established a successful handshake with the new iOS version of btichat that uses noise xx encryption with forward secrecy.

I ended up forking the noise-java crypto library (used in signal) and had to make open heart surgery so it supports static keys instead of generating new ones for each session.

still buggy af and the handshake only works 10% of the time but seeing this fucking lock turn green has been the most valuable learning experience I've had in the last year.

I know kung fu.

Reply to this note

Please Login to reply.

Discussion

Avatar
calle 5mo ago

words cannot express the dread and misery when nothing works, and you're facing a crypto library you've never worked with, and *nothing* makes sense to you, but you've got to fix the fucking issue.

Avatar
Garbage nsec 5mo ago

please don't forget about cashu, yo

be like TSMC, just make the chips. don't be like samsung and make the chips and the phones and the washing machines too.

Avatar
calle 5mo ago

Rest assured, when I work on a transport protocol, 95% of my motivation is to send nuts around and find out

Avatar
hasky 5mo ago

Woman work !! So proud of empower woman

Avatar
Leo Wandersleb 5mo ago

The mental state to still try and search and look into documentation and into source code and ask in forums and open issues and basically run against the same concrete wall 100 times knowing it will eventually crumble or you have to write your own library which means you run against concrete walls 1000 times ... that's being a developer, isn't it?

3c
, 5mo ago

You think they're bugs you're fixing? Interesting

Avatar
ManyKeys 5mo ago

Super interesting work! Kudos!

But isn't using static keys with Noise XX kind of losing the point of perfect forward secrecy? If you use static keys and those get compromised, won't past sessions be exposed? Would love to hear how you're thinking about forward secrecy here.

#nostr #btichat

Avatar
calle 5mo ago

good question but no this is part of the xx pattern. you have ephemeral keys and static keys, the static ones can be used for authentication. the ephemeral keys are different for each session.

the protocol refreshes sessions every x messages so you'll only be able to decipher messages until then.

Avatar
rapadu 5mo ago

Moin💥

Do you get enough sleep with your insane productivity?

You’re doing invaluable work - thank you!!

Avatar
OgFOMK ArTS 5mo ago

In the Army I set up networks with other team members over the civilian telephone lines in the 1990s. Everything was encrypted but sometimes nothing worked as fast as we wanted. The messages were very simple.

One mission we had a lot of assets trying to coordinate and the network cracked and popped over the POTS (PLAIN OLD TELEPHONE SYSTEM). We were set up for the fastest baud possible. I asked my commander if we could do half speed. I said, Sir let's just train with half speed because the computers cannot distinguish data from pops and cracks in the lines.

The whole division got the message and it worked! We had been sitting ducks for hours before this. I was very happy to say the least. Maybe there is a speed issue with encryption? I'm other words, the Hey you, this is me might be too fast.

Avatar
gandlaf21 5mo ago

d3
Leafophonist 5mo ago

Can this be built into Briar? It has Bluetooth, WiFi, and SD card ability to sesd messages. Would be cool to see a mesh network sending cashu.