matrix-org / matrix-spec

The Matrix protocol specification
Apache License 2.0

Modern encryption #597

Closed sylvain101010 closed 1 year ago

sylvain101010 commented 4 years ago

Hi, I couldn't find an issue about this, so I'm opening this one.

OLM and MegOLM use old ciphers like AES-256-CBC and HMAC-SHA-256, which have a lot of drawbacks (like being hard to review, vulnerable to hardware backdoors...).

Is there any plan to use modern ciphers instead, like XChaCha20-Poly1305, blake2b and so on?

uhoreg commented 4 years ago

There is no current plan to change the ciphers, but we wouldn't rule it out either. The current plan is to make e2ee usable and stable enough for regular use. We're also following the IETF's MLS effort and seeing if we can incorporate it into Matrix. If we do incorporate MLS into Matrix, it's likely that we would just use whatever ciphers it specifies, though it wouldn't be out of the question for us to make modifications if we felt that it was necessary.

uhoreg commented 3 years ago

MLS specifies several different ciphersuites that can be used. It requires implementations to implement X25519/AES-256-GCM/HMAC-SHA-256/Ed25519, but it also defines suites using X25519/ChaCha20-Poly1305/HMAC-SHA-256/Ed25519 and X448/ChaCha20-Poly1305/HMAC-SHA-512/Ed25519.

richvdh commented 1 year ago

I'm going to go ahead and close this; as @uhoreg says, we have no immediate plans to change the ciphers used in olm and megolm.

Related issues include: https://github.com/matrix-org/matrix-spec/issues/1557, https://github.com/matrix-org/matrix-spec/issues/975, https://github.com/matrix-org/matrix-spec/issues/934.