soatok / mastodon-e2ee-specification

Soatok's Proposal for End-to-End Encryption in Mastodon
https://soatok.blog/2022/11/22/towards-end-to-end-encryption-for-direct-messages-in-the-fediverse/
GNU Affero General Public License v3.0

Passphrase-Protected Key Wrapping #4

Closed soatok closed 1 year ago

soatok commented 1 year ago

The latest OPAQUE draft is significantly improved from earlier designs.

Open question to be decided:

We currently propose a simple construction (AES-256-CTR + HMAC-SHA384, encrypt-then-MAC) to actually encrypt the keys with the OPAQUE export_key.

Would ChaCha20 + BLAKE2b-MAC be better? (AES has cache-timing attacks.)

Are we going to double down on libsodium for our underlying library?

(To decide in a future commit.)

EDIT: Now using ChaCha20 + BLAKE2b-MAC instead of AES-CTR + HMAC. https://github.com/soatok/mastodon-e2ee-specification/pull/4/commits/ea1f59308aaebe999a705ac71377e7a9cbf0bbc1
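The encrypt-then-MAC wrapping of key material under the OPAQUE export_key, as an added illustration that is not code from this repository or from soatok: ChaCha20 (RFC 8439, implemented here in pure Python rather than via libsodium) encrypts the secret key, and a keyed BLAKE2b over nonce || ciphertext is checked in constant time before anything is decrypted. Deriving separate encryption and MAC subkeys from export_key with personalised keyed BLAKE2b, and the 12-byte nonce / 32-byte tag layout, are this example's own assumptions, not the spec's.

```python
import hashlib
import hmac
import os
import struct

def _rotl(x, n): return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF
def _qr(s, a, b, c, d):
    # RFC 8439 quarter round over four words of the working state
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = _rotl(s[b] ^ s[c], 7)

def chacha20_block(key, counter, nonce):
    # RFC 8439 block function: 32-byte key, 32-bit counter, 12-byte nonce -> 64 keystream bytes
    state = list(struct.unpack("<4I", b"expand 32-byte k") + struct.unpack("<8I", key)
                 + (counter,) + struct.unpack("<3I", nonce))
    w = state[:]
    for _ in range(10):  # 20 rounds = 10 double rounds (column, then diagonal)
        _qr(w, 0, 4, 8, 12); _qr(w, 1, 5, 9, 13); _qr(w, 2, 6, 10, 14); _qr(w, 3, 7, 11, 15)
        _qr(w, 0, 5, 10, 15); _qr(w, 1, 6, 11, 12); _qr(w, 2, 7, 8, 13); _qr(w, 3, 4, 9, 14)
    return struct.pack("<16I", *[(w[i] + state[i]) & 0xFFFFFFFF for i in range(16)])

def chacha20_xor(key, nonce, data):
    # Stream-XOR data with successive keystream blocks, starting at counter 0
    out = bytearray()
    for i in range(0, len(data), 64):
        out += bytes(x ^ k for x, k in zip(data[i:i + 64], chacha20_block(key, i // 64, nonce)))
    return bytes(out)

def _subkeys(export_key):
    # Assumption: independent encryption and MAC keys from export_key via personalised keyed BLAKE2b
    enc = hashlib.blake2b(key=export_key, person=b"wrap-enc-key", digest_size=32).digest()
    mac = hashlib.blake2b(key=export_key, person=b"wrap-mac-key", digest_size=32).digest()
    return enc, mac

def wrap_key(export_key, secret_key):
    # Encrypt-then-MAC: ChaCha20 over the key material, BLAKE2b-MAC over nonce || ciphertext
    enc, mac = _subkeys(export_key)
    nonce = os.urandom(12)
    ct = chacha20_xor(enc, nonce, secret_key)
    tag = hashlib.blake2b(nonce + ct, key=mac, digest_size=32).digest()
    return nonce + ct + tag

def unwrap_key(export_key, blob):
    # Verify the tag in constant time; only then decrypt (never decrypt-then-check)
    enc, mac = _subkeys(export_key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hashlib.blake2b(nonce + ct, key=mac, digest_size=32).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("key wrap authentication failed")
    return chacha20_xor(enc, nonce, ct)
```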

soatok commented 1 year ago

Merging as-is. This ended up being less controversial than I anticipated before I dived deeper into the latest OPAQUE drafts.