A bit more on Twitter/X's new encrypted messaging
a year ago
- #encryption
- #XChat
- #security
- XChat's end-to-end encryption lacks forward secrecy, encrypting messages under recipients' long-term public keys.
- User private keys are stored on X's servers, accessible via PIN, without Hardware Security Modules (HSMs) for protection.
- Juicebox, X's key storage protocol, shards keys across three servers but all under X's control, raising security concerns.
- Juicebox aims to strengthen weak passwords using threshold OPRFs, but it relies on the servers themselves to enforce guess limits.
- X's Juicebox deployment appears to use software-based servers without HSMs, making it vulnerable to brute-force attacks.
- Threshold OPRFs in Juicebox allow distributed key generation but require careful implementation to prevent attacks.
- Potential attacks include server impersonation and replay attacks, highlighting the complexity of secure distributed protocols.
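A toy model of the threshold-OPRF PIN hardening the bullets describe, added here as an illustration (not Juicebox's or X's code): three servers hold Shamir shares of a PRF key, the client blinds its hashed PIN so no server ever sees it, and each server's guess counter is the only thing bounding online guessing. The group parameters, share count, threshold and guess limit are assumptions chosen for readability, not the real deployment's values.

```python
import hashlib, secrets
# Toy parameters (assumption, not Juicebox's real ones): a tiny safe prime
# p = 2q + 1, so the squares mod p form a subgroup of prime order q.
# Production systems would use an elliptic-curve group.
P, Q = 1019, 509
N, T = 3, 2  # three key-holding servers; any two suffice to evaluate the PRF

def hash_to_group(pin: str) -> int:
    # Hash the PIN to h in [2, p-2] and square it: h^2 is never 0 or 1,
    # so the result is a non-identity element of the order-q subgroup.
    h = 2 + int.from_bytes(hashlib.sha256(pin.encode()).digest(), "big") % (P - 3)
    return pow(h, 2, P)

def share_key(k: int) -> dict:
    # Shamir-share the OPRF key k over GF(q); server i receives f(i).
    coeffs = [k] + [secrets.randbelow(Q) for _ in range(T - 1)]
    return {i: sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q
            for i in range(1, N + 1)}

def lagrange_at_zero(i: int, ids: list) -> int:
    # Coefficient that recombines share i toward f(0) = k, in GF(q).
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * (-j) % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

class Server:
    # One key share plus the guess budget that is the only brake on online PIN guessing.
    def __init__(self, share: int, guess_limit: int):
        self.share, self.guesses_left = share, guess_limit

    def evaluate(self, blinded: int) -> int:
        if self.guesses_left <= 0:
            raise PermissionError("guess limit exhausted")
        self.guesses_left -= 1
        return pow(blinded, self.share, P)  # H(pin)^(r * share); the PIN is never seen

def derive_pin_key(pin: str, servers: dict) -> int:
    # Client: blind H(pin) with a fresh r, query T servers, recombine the
    # shares in the exponent, then strip r. Output depends only on pin and k.
    r = secrets.randbelow(Q - 1) + 1
    blinded = pow(hash_to_group(pin), r, P)
    ids = list(servers)[:T]
    combined = 1
    for i in ids:
        part = pow(servers[i].evaluate(blinded), lagrange_at_zero(i, ids), P)
        combined = combined * part % P
    return pow(combined, pow(r, -1, Q), P)
```

Because the output equals the unshared PRF H(pin)^k, every online PIN guess costs exactly one round of server queries; without the servers' counters (or HSM-enforced equivalents) nothing else slows a guessing loop down.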