|
|
|
|
|
|
by LinuxBender
804 days ago
|
|
|
In my opinion, if someone can break TLS such as getting your private keys then they are likely also in a position to poison your E2EE code. I use E2EE on IRC but the code is entirely separate from the IRC server. irssi-otr using OTR Off The Record library. Provided the IRC admin does not monitor private messages and kick me off for sending text they can not read, I can have private communication with any of my friends on any IRC server knowing full well that the admin can not read it. No amount of hacks or updates to the IRC server could possibly intercept and decrypt my messages regardless of whom compels the admin to make every effort to do so. This of course makes libotr a juicy target but that's another topic similar to xz but thankfully there are not yet a significant number of people using OTR, yet. This leaves the only remaining option of "obtaining secrets by large wrench in person" but there are countermeasures for that as well. |
|
|