notsecure / uTox

Lightweight Tox client
utox.org
GNU General Public License v3.0

Offline messages - security #1179

Closed: darkman088 closed this issue 8 years ago

darkman088 commented 8 years ago

Dear uTox developers.

I have now updated to uTox 0.9.4. I've seen that offline messaging has been implemented now, i.e. it's possible to write a message to somebody who is offline. While this certainly is handy, I immediately started asking myself whether this is not a security issue - if one's counterpart is offline, it's not possible to deliver the message to him directly, but the message is queued somewhere. And this is the question - if it's buffered somewhere, then this "somewhere" could be searched and the message, even in encrypted format, can be captured and somehow (brute force?) decrypted and read. While with perfect forward security, other messages can't be read, as they have different encryption key(s), the message sent offline is (IMHO) subtle to being captured, decrypted and read by other parties, as in this case there is no direct end-to-end communication.

Please kindly let me know your opinion. Many thanks!!

cebe commented 8 years ago

You are in the wrong repo, please ask at https://github.com/GrayHatter/uTox

darkman088 commented 8 years ago

OK, I am sorry. I've posted it in the location provided by you. Please apologize.