Dear uTox developers.
I have now updated to uTox 0.9.4. I've seen that offline messaging has been implemented now, i.e. it's possible to write a message to somebody who is offline. While this certainly is handy, I immediately started asking myself whether this is not a security issue - if one's counterpart is offline, it's not possible to deliver the message to him directly, but the message is queued somewhere. And this is the question - if it's buffered somewhere, then this "somewhere" could be searched and the message, even in encrypted format, can be captured and somehow (brute force?) decrypted and read. While with perfect forward security, other messages can't be read, as they have different encryption key(s), the message sent offline is (IMHO) susceptible to being captured, decrypted and read by other parties, as in this case there is no direct end-to-end communication.
Please kindly let me know your opinion. Many thanks!!