by martinralbrecht
1282 days ago
We had working exploits for those vulnerabilities where exploiting them wasn't immediately obvious. We shared those with the Matrix developers but didn't publish them because there was no dispute on whether our attacks were practical. So we meant it when we wrote "practically-exploitable". In an end-to-end encrypted setting a malicious server is precisely the adversary you defend against, not an edge case.

To me, it looks pretty good on the surface, but I don’t know if I can convince myself that it’s secure. I’m not even sure if I could write down a precise definition of security here, without banging my head on it for a while.