Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Whether the chat key is secure #323

Closed
ShareTheWorld opened this issue Dec 29, 2022 · 2 comments
Closed

Whether the chat key is secure #323

ShareTheWorld opened this issue Dec 29, 2022 · 2 comments

Comments

@ShareTheWorld
Copy link

const id = ${community.publicKey}${uuid}
const contentTopic = idToContentTopic(id)
const symmetricKey = await generateKeyFromPassword(id)

return new Chat({
  client,
  uuid,
  id,
  contentTopic,
  type,
  symmetricKey,
  description,
})

Your public Key and uuid are concatenated into ids. Then hashes Keccak256(id) with the id to get the contentTopic. Finally use PBKDF2(id) to get the chat key.
Since Publickeys and uuid are public, are topic and key unsafe?
@felicio
Copy link
Collaborator

felicio commented Jan 3, 2023

Hi, the snippet applies to channels and can technically be used by anyone to read messages of Communities that don't have the Encrypted option enabled.

The web client is till missing the encryption layer which would allow it to support this type of Communities.

Desktop app, on the other hand, already supports them and uses a "Hash Ratchet" algorithm, a double ratchet variant, for it.

More info at:

– https://discord.com/channels/864066763682218004/865466680129880074/1058202405583474688

@felicio felicio closed this as completed Jan 3, 2023
@felicio
Copy link
Collaborator

felicio commented Jan 3, 2023

Follow up #324

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ShareTheWorld @felicio