New design sets a high standard for post-quantum readiness.
Do they still require a phone number?
Submitted 1 day ago by BrikoX@lemmy.zip to technology@lemmy.zip
New design sets a high standard for post-quantum readiness.
Do they still require a phone number?
Only for account creation, afterwards you can hide it and use username.
How is this different than SimpleX’s NTRU algorithm?
I believe it’s the same thing I noted in another comment - lemmy.world/comment/19924290
Basically session key vs rotating session key, but to be honest I only skimmed your link as it got dense fast.
SimpleX has that with temporary addresses.
ignirtoq@fedia.io 1 day ago
What are we defining as a "session" for Signal? The vast majority of TLS sessions exist for the duration of pulling down a web page. Dynamically interact with that page? New HTTP request backed by a new TLS session. Sure, there are exceptions like WebSockets, but by and large TLS sessions are often short.
Is a Signal session the duration of sending a single message? An entire conversation? The entire time you have someone in your address book? It doesn't seem like an apples-to-apples comparison.
jacksilver@lemmy.world 1 day ago
I think the biggest thing here is that beyond just a session key (to make sessions secure from each other), this approach uses a rotating session key. That means each transaction in a sesssion is unique ensuring forward and backward secrecy.
I may have read it wrong plus cybersecurity is not my forte.
Valmond@lemmy.world 1 day ago
Isn’t asymmetric used for the handshake only? And then like AES or something which have evolving keys (and are quite quantum resistant).