ssbc / ssb-keys

keyfile operations for ssb

increase max private-box recipients to 15 #52

Closed ahdinosaur closed 4 years ago

ahdinosaur commented 5 years ago

although private groups will solve this better, private groups are always coming soon and have yet to come, so i think we should make private messages more palatable for real-life usage by increasing the max recipients for private-box.

concrete use case: in the last couple weeks i've created or been part of 3 (too many) private threads with more than 7 people, so either someone is left out or two threads are created (but then you miss out on the other half).

i picked 15 as a new arbitrary number to replace the old arbitrary number 7. open to other suggestions, i just want at least something between 10 and 20, maybe 12.

if accepted, this will certainly also be an interesting (mild) case of a soft fork. :smiley_cat:

see also:

ahdinosaur commented 5 years ago

also question: is the latest private-box@0.3.0 not published on GitHub? giving a second look, i realize i can't find where secretBox.multibox_open_body and secretBox.multibox_open_key are defined, i just assume they take the same arguments as secretBox.multibox_open etc.

ahdinosaur commented 5 years ago

also worth mentioning: as i understand from the protocol guide, each recipient in a private message adds 49 bytes to encrypt the unbox key to each recipient, which means 15 recipients is 735 bytes, out of our 8 kilobyte limit.

ahdinosaur commented 5 years ago

if we wanted to go bigger, we could do 32 max recipients, which would be 1568 bytes out of 8192.

christianbundy commented 5 years ago

I'm for it, although I think we'll need to explain this in the clients so that people aren't confused when peers can't read their messages. I'd also be down to bump this to 32.

cryptix commented 5 years ago

Would also like to see this. 32 might add quite a lot of churn. Maybe this should be done in tandem with an option to only decrypt messages from people you follow?..

Also: We could contemplate making blog-style posts using private blobs to give users more space for their thoughts.

dominictarr commented 5 years ago

This is something we can increase, but never decrease. I'd rather not change it. It's easy to suggest changing a single number, but that change has many effects, and I'm gonna end up being the one supporting them.

There is a prototype of private-groups

I'd certainly like to get that going, but mainly it's blocked by the fact that @keks and I are currently the only ones qualified to design it. If you want to make that happen, you can help by either learning cryptography (this is doable, but a steep learning curve, but I did it once, etc) or by assisting with relieving the burden of other stuff that is distracting us from work on private groups.

ahdinosaur commented 5 years ago

> It's easy to suggest changing a single number, but that change has many effects, and I'm gonna end up being the one supporting them.

@dominictarr if i may ask: what are the possible effects of this change, that you're aware of? from my perspective, this seems like an innocent change, but your comment makes it seem like there's a cave of hidden context that you're aware of with regards to dangerous implementation details. :sweat_smile:

dominictarr commented 5 years ago

@ahdinosaur well, the first thing is that it's gonna make every decrypt attempt take longer. especially since messages that are not for you always take the maximum number of decrypts

christianbundy commented 4 years ago

Maybe we could increase to 8? It's not a bunch, but it's still 14% more. :~)

christianbundy commented 4 years ago

Are we all comfortable with closing this? This doesn't seem like it's going to get merged.

staltz commented 4 years ago

> It's easy to suggest changing a single number, but that change has many effects, and I'm gonna end up being the one supporting them.

Given that this has changed (Dominic won't be maintaining it), and given that private groups has been designed and is in active development, if we increase this to 15, we will still have a way of addressing "larger groups".

One question, though, where is the number 7 encoded here? I don't see any explicit mention of the old limit, only the new limit in this PR.

(By the way, the maximum recipients is currently actually at 8. It's you + 7 others, so usually it feels like 7, but including yourself (which is required) bumps it to 8. This PR though encoded 15, which means you + 14. I would prefer that it's you + 15, because 16 is a nice looking power of 2)

christianbundy commented 4 years ago

> One question, though, where is the number 7 encoded here?

It's encoded in private-box here:

https://github.com/auditdrivencrypto/private-box/blob/ffe1e4a8a35959f64c9586ea69940b47d49dafa3/index.js#L15-L23

> By the way, the maximum recipients is currently actually at 8.

Is that true? My understanding is that the maximum number of recipients is currently 7, which means that if you add yourself as a recipient then you can only have 6 other recipients.

staltz commented 4 years ago

I guess you're right! I learned something new.

keks commented 4 years ago

I don't think increasing is a good idea. First, it will take twice as long to try decrypt any encrypted message. Second, if you send a message with >8 recipients to someone who hasn't updated and their slot is e.g. the 9th, they will not receive the message and nobody would realise.

Please let's just move on to the new private messages?

staltz commented 4 years ago

Good point what Keks said. I agree with him. Doubling the time to attempt decryptions on all encrypted messages is a big deal especially on mobile.
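
The scan cost and the silent-miss case raised in this thread, as an added sketch that is not code from private-box or ssb-keys. It models only the recipient-slot layout and performs no real cryptography; the limits 7 and 15 follow the discussion, and the function names and `peerN` identities are assumptions made for illustration.

```javascript
// Added illustration; not code from private-box or ssb-keys.
// Structural model only: no real cryptography is performed.
const SLOT_BYTES = 49;      // per-recipient cost quoted in the thread
const MESSAGE_LIMIT = 8192; // the 8 kilobyte limit quoted in the thread

// Sender side: one key slot per recipient, in order. `max` is the sender's limit.
function seal(recipients, max) {
  if (recipients.length > max) {
    throw new Error(`max recipients is ${max}, found ${recipients.length}`);
  }
  return { slots: recipients.slice(), slotBytes: recipients.length * SLOT_BYTES };
}

// Receiver side. Modelling assumption: the slot count is not visible to the
// receiver, so it trial-decrypts positions 0..max-1 and stops only on success.
// Positions past the real slots just fail to open, like any foreign slot.
function tryOpen(message, me, max) {
  let attempts = 0;
  for (let i = 0; i < max; i++) {
    attempts++; // stands in for one authenticated-decryption attempt
    if (message.slots[i] === me) return { opened: true, slot: i, attempts };
  }
  return { opened: false, slot: -1, attempts };
}

function demo() {
  const OLD_MAX = 7, NEW_MAX = 15; // limits as discussed in the thread
  const names = Array.from({ length: 15 }, (_, i) => `peer${i}`); // constructed ids
  const msg = seal(names, NEW_MAX);
  return {
    bytes: msg.slotBytes,
    shareOfLimit: msg.slotBytes / MESSAGE_LIMIT,
    // A non-recipient always pays the full scan, so raising max raises the
    // cost of every encrypted message that is not addressed to you.
    outsiderOld: tryOpen(msg, 'stranger', OLD_MAX),
    outsiderNew: tryOpen(msg, 'stranger', NEW_MAX),
    // A real recipient in a late slot: a client still scanning with the old
    // limit gets the same result as a stranger, with nothing to report.
    lateSlotOldClient: tryOpen(msg, 'peer8', OLD_MAX),
    lateSlotNewClient: tryOpen(msg, 'peer8', NEW_MAX),
  };
}

console.log(demo());
```

In the output, `lateSlotOldClient` is indistinguishable from `outsiderOld`, which is why a client that has not updated cannot warn its user about a missed message.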