I don’t consider myself exceptional in any regard, but I stumbled upon a few cryptography vulnerabilities in Matrix’s Olm library with so little effort that it was nearly accidental.

It should not be this easy to find these kind of issues in any product people purportedly rely on for private messaging, which many people evangelize incorrectly as a Signal alternative.

  • nethad
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    3 months ago

    It uses matrix-rust-sdk (written by Element) and that uses the new vodozemac, so you’re safe