|
|
|
|
|
|
by mrusme
477 days ago
|
|
|
I'm a fan and active user of XMPP. However, it unfortunately is true that encryption is a can of worms. OMEMO should be the standard, yet there is fragmentation in terms of the specific OMEMO spec version that clients use. Not even the most prominent clients keep up with the latest spec, as can be seen here [1]. One of the issues is, that everything prior to 0.4.0 uses AES-128-GCM, instead of the standard that is used by other platforms (eg Signal), that is AES-256-CBC with HMAC-SHA-256. In plain English this means that most mainstream XMPP clients do not offer encryption at a level that can and should be expected these days. [1]: https://xmpp.org/extensions/#xep-0384-implementations |
|
|