TheGreenPig / Apate

A BetterDiscord Plugin that allows End-to-End encryption and hiding messages in messages!

Question regarding E2E encryption #47

Closed FlyingFaller closed 3 years ago

FlyingFaller commented 3 years ago

I'm sorry this is not a bug report but I can't think of another way to ask general questions.

What is the purpose of E2E in DMs? DMs are already private and Apate encryption already worked within them IIRC. There's no one to hide your messages from (unless you are counting interference from Discord) and if you want them encrypted you still have to use asterisks and a cover message which is tiresome for long conversations such as DMs. As far as I can see the only thing E2E does is auto generate and share a password. But why? Why would you want and go through the effort of encrypting DMs in the first place???

TheGreenPig commented 3 years ago

Well, say you want to talk to a person you've never talked to before in secret. If you just tell the other person "Let's use password 1234Lazerbeam" and your or the other person's account gets hacked, the hacker can simply (assuming they know what Apate is) decrypt all your messages with the password 1234Lazerbeam, right? Also, it is very likely, because you are humans, that you will use an insecure password. That's why end-to-end encryption exists. Since you are not actively making the password, a very complex, strong one can be used and also the hacker has no way of reading any messages unless they have physical access to your computer. I recommend you watch some videos or read some stuff about "Asymmetric encryption" because that's exactly what's going on here.

I could implement it that all your messages get encrypted anyway (without having to use the *) to make it easier, that is true. I might add that some time.

I hope this answers your question!

FlyingFaller commented 3 years ago

> Well, say you want to talk to a person you've never talked to before in secret. If you just tell the other person "Let's use password 1234Lazerbeam" and your or the other person's account gets hacked, the hacker can simply (assuming they know what Apate is) decrypt all your messages with the password 1234Lazerbeam, right? Also, it is very likely, because you are humans, that you will use an insecure password. That's why end-to-end encryption exists. Since you are not actively making the password, a very complex, strong one can be used and also the hacker has no way of reading any messages unless they have physical access to your computer. I recommend you watch some videos or read some stuff about "Asymmetric encryption" because that's exactly what's going on here.
>
> I could implement it that all your messages get encrypted anyway (without having to use the *) to make it easier, that is true. I might add that some time.
>
> I hope this answers your question!

I see, thank you. I suppose that account hacking is a niche but plausible use case. I definitely think you should implement a feature to encrypt by default (without asterisks or a cover message if that is possible), especially for E2E. If a cover message is required for some quirk of Discord then maybe you could auto-inject an empty character or something similar if none is used. Thanks for the answer, keep up the fantastic work on all your great plugins!

TheGreenPig commented 3 years ago

> maybe you could auto inject an empty character or something similar if none is used.

I added this in the newest version. If your DM is end-to-end encrypted, press Enter like normal to send an unencrypted message and Ctrl+Enter to send an encrypted one. A cover text is no longer required.