Document that OMEMO is disabled when the device is untrusted
parent c8dc7b63b2
commit 18dad134fc
|
@ -16,34 +16,29 @@ A room (aka groupchat) can be opened with a URL fragment such as `#converse/room
|
||||||
and a private chat with a URL fragment such as
|
and a private chat with a URL fragment such as
|
||||||
`#converse/chat?jid=user@domain`.
|
`#converse/chat?jid=user@domain`.
|
||||||
|
|
||||||
Off-the-record encryption
|
XEP-0384 OMEMO Encryption
|
||||||
=========================
|
=========================
|
||||||
|
|
||||||
Converse supports `Off-the-record (OTR) <https://otr.cypherpunks.ca/>`_
|
Converse supports OMEMO encryption based on the
|
||||||
encrypted messaging.
|
`Signal Protocol <https://github.com/signalapp/libsignal-protocol-javascript>`_.
|
||||||
|
|
||||||
The OTR protocol not only **encrypts your messages**, it provides ways to
|
The Signal Protocol is session-oriented. Clients establish a session, which is
|
||||||
**verify the identity** of the person you are talking to,
|
then used for all subsequent encrypt/decrypt operations. There is no need to
|
||||||
**plausible deniability** and **perfect forward secrecy** by generating
|
ever tear down a session once one has been established.
|
||||||
new encryption keys for each conversation.
|
|
||||||
|
|
||||||
In its current state, JavaScript cryptography is fraught with dangers and
|
This means that a session needs to be stored permanently after logging out.
|
||||||
challenges that make it impossible to reach the same standard of security that
|
|
||||||
is available with native "desktop" software.
|
|
||||||
|
|
||||||
This is due to its runtime malleability, the way it is "installed" (e.g.
|
Converse stores this session information in the browser's `localStorage <https://developer.mozilla.org/en-US/docs/Web/API/Storage/LocalStorage>`_.
|
||||||
served) and the browser's lack of cryptographic primitives needed to implement
|
|
||||||
secure crypto.
|
|
||||||
|
|
||||||
For harsh but fairly valid criticism of JavaScript cryptography, read:
|
If you've checked the "This is not a trusted device" checkbox when logging in,
|
||||||
`JavaScript Cryptography Considered Harmful <http://www.matasano.com/articles/javascript-cryptography/>`_.
|
then `sessionStorage <https://developer.mozilla.org/en-US/docs/Web/API/Window/sessionStorage>`_
|
||||||
|
is used instead of localStorage and all data is cleared when you log out.
|
||||||
|
|
||||||
To get an idea on how this applies to OTR support in Converse, please read
|
For this reason, OMEMO cannot be used when you've indicated that you're using
|
||||||
`my thoughts on it <https://opkode.com/media/blog/2013/11/11/conversejs-otr-support>`_.
|
an untrusted device. You would in any case not be able to decrypt previously
|
||||||
|
received OMEMO messages, due to the Signal Protocol's forward secrecy and the
|
||||||
|
fact that you don't have a pre-existing session.
|
||||||
|
|
||||||
For now, suffice to say that although its useful to have OTR support in
|
|
||||||
Converse in order to avoid most eavesdroppers, if you need serious
|
|
||||||
communications privacy, then you're much better off using native software.
|
|
||||||
|
|
||||||
Notifications
|
Notifications
|
||||||
=============
|
=============
|
||||||
|
|
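Review bot: The new "XEP-0384 OMEMO Encryption" section drops the whole JavaScript-cryptography caveat from the OTR text (the removed lines from "In its current state, JavaScript cryptography is fraught with dangers" through "you're much better off using native software") and puts nothing in its place, even though the added text now tells readers that session information is kept permanently in localStorage. The concerns the old text named (runtime malleability, the way the code is served) are about running crypto in the browser, not about OTR specifically, so I would keep a short version of that caveat under the new heading. It would also help to say, right after "Converse stores this session information in the browser's localStorage", what that session information includes and that it remains on the device after logout, since that persistence is the stated reason for disabling OMEMO on untrusted devices. Two smaller points: the localStorage link uses `Web/API/Storage/LocalStorage` while the sessionStorage link uses `Web/API/Window/sessionStorage`, so the two should follow the same MDN path pattern; and the commit title says OMEMO "is disabled" while the text says it "cannot be used", so pick one wording and say whether the user sees any indication in the UI.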