Don’t Use Session (Signal Fork) - Dhole Moments
soatok.blog
Last year, I outlined the specific requirements that an app needs to have in order for me to consider it a Signal competitor. Afterwards, I had several people ask me what I think of a Signal fork c…

Last year, I outlined the specific requirements that an app needs to have in order for me to consider it a Signal competitor.

Afterwards, I had several people ask me what I think of a Signal fork called Session. My answer then is the same thing I’ll say today:

Don’t use Session.

  • haverholm@kbin.earth
    14·
    9 hours ago

    I weren’t even aware it was a Signal fork! What kept me away was their heavy integration of the Oxen crypto token (now apparently replaced with their own “Session token” instead). Anything that deep into web3 is a red flag to me, but the security flaws discussed in the above blog post look white hot.

    • LWD@lemm.eeEnglish
      1·
      44 minutes ago

      the Oxen crypto token

      Oxen is the company behind Session, for anybody unfamiliar. They were a crypto company that made (well, cloned) a messaging app to promote this token.

      And Oxen itself was a clone of Monero.

  • jet@hackertalks.comEnglish
    13·
    10 hours ago

    Strong agree. Session is not security focused it’s marketing focused. Last I checked they still use central servers for file uploads.

  • peregus@lemmy.worldEnglish
    32·
    6 hours ago

    It would be nice to read the basic points of your statement, then if someone wants to go in detail, there’s the link to your article.

      • peregus@lemmy.worldEnglish
        11·
        2 hours ago

        Ops. However a small TL;DR would be useful instead of just copying/pasting links.

        • Soatok Dreamseeker@pawb.socialEnglish
          1·
          1 hour ago

          TL;DR from oss-security:

          At a glance, what I found is the following:

          1. Session only uses 128 bits of entropy for Ed25519 keys. This means their ECDLP is at most 64 bits, which is pretty reasonably in the realm of possibility for nation state attackers to exploit.
          2. Session has an Ed25519 verification algorithm that verifies a signature for a message against a public key provided by the message. This is amateur hour.
          3. Session uses an X25519 public key as the symmetric key for AES-GCM as part of their encryption for onion routing.

          Additional gripes about their source code were also included in the blog post.