Last year, I outlined the specific requirements that an app needs to have in order for me to consider it a Signal competitor. Afterwards, I had several people ask me what I think of a Signal fork c…
But the title is a little click-baity, “Session’s encryption is not the best”, would be a more honest title.
I agree that this would be a better title, but it still belies the deeper points: the Session devs made sloppy or weak cryptographic decisions when there’s no seemingly reasonable justification for them. It points to a lack of understanding, ignorance, or possibly malicious intent (though the last seems less likely to me).
So, what happens when they do something really wrong? Doesn’t seem that far-fetched that it’s a matter of “when,” given how they’ve implemented everything else.