pleroma.debian.social

Not a crypto expert so take this with a grain of salt and do your own research
@colinl @ancommie @dajbelshaw @keverets @RussSharek Ya, that's a pretty fair understanding. OMEMO also has forward secrecy. So even if your future keys are compromised, your past messages won't be compromised.

The admin of the server won't be able to read your messages but will have access to metadata (which is often just as important as the message).

re: Not a crypto expert so take this with a grain of salt and do your own research
@colinl @RussSharek @ancommie @dajbelshaw @keverets You should be using a password generator anyways to protect against the admin storing your password badly (i.e. in plain text).

@ancommie @colinl @dajbelshaw @keverets @RussSharek Not sure what you mean by "But the thing is, why should I put my trust into an admin that i heard has the ability to read my password in clear text and to modify messages?" Do you have a source for that?

@dajbelshaw @keverets @RussSharek I'm sure Daniel would be more than happy to see an issue open with a suggested sentence that explains XMPP in simpler, more layman's terms =)

@gcupc @colinl @ancommie @dajbelshaw @RussSharek

I just checked prosody's documentation and it seems that you guys are correct:

https://prosody.im/doc/plain_or_hashed

I wonder if conversations/dino/gajim support SCRAM now. Regardless, you should always use a password manager. You can never trust the server operator even if they claim they use hashed passwords.
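To make the hashed-storage point concrete (an added example, not code from this thread or from Prosody): a minimal SCRAM-SHA-1 verifier and proof check following RFC 5802, using constructed credentials and nonces. With PLAIN, the server receives the password itself on every login; with SCRAM it stores only salt, iteration count, StoredKey and ServerKey, and receives only a proof.

```python
import hashlib
import hmac
from base64 import b64encode
from dataclasses import dataclass

# Constructed sample credentials and nonces; not from any real deployment.
PASSWORD = "correct horse battery staple"
SALT = bytes.fromhex("4125c247e43ab1e93c6dff76")
ITERATIONS = 4096
CLIENT_NONCE = "fyko+d2lbbFgONRv9qkxdawL"
SERVER_NONCE = "3rfcNHYJY1ZVvWVs7j"

@dataclass
class ScramVerifier:
    """What a SCRAM-capable server stores instead of the password itself."""
    salt: bytes
    iterations: int
    stored_key: bytes   # H(ClientKey): enough to check a client's proof
    server_key: bytes   # lets the server prove itself back to the client

def _salted_password(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)

def make_verifier(password: str, salt: bytes, iterations: int) -> ScramVerifier:
    salted = _salted_password(password, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    return ScramVerifier(salt, iterations, hashlib.sha1(client_key).digest(), server_key)

def auth_message(user: str, salt: bytes, iterations: int) -> bytes:
    """client-first-bare , server-first , client-final-without-proof (RFC 5802)."""
    client_first = f"n={user},r={CLIENT_NONCE}"
    server_first = f"r={CLIENT_NONCE}{SERVER_NONCE},s={b64encode(salt).decode()},i={iterations}"
    client_final = f"c=biws,r={CLIENT_NONCE}{SERVER_NONCE}"
    return ",".join([client_first, server_first, client_final]).encode()

def client_proof(password: str, salt: bytes, iterations: int, auth_msg: bytes) -> bytes:
    """Client side: needs the password, but sends only ClientKey XOR ClientSignature."""
    salted = _salted_password(password, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    stored_key = hashlib.sha1(client_key).digest()
    signature = hmac.new(stored_key, auth_msg, hashlib.sha1).digest()
    return bytes(a ^ b for a, b in zip(client_key, signature))

def server_verify(v: ScramVerifier, auth_msg: bytes, proof: bytes) -> bool:
    """Server side: recover ClientKey from the proof and check H(ClientKey) == StoredKey."""
    signature = hmac.new(v.stored_key, auth_msg, hashlib.sha1).digest()
    client_key = bytes(a ^ b for a, b in zip(proof, signature))
    return hmac.compare_digest(hashlib.sha1(client_key).digest(), v.stored_key)
```

Because the server only ever sees the proof, an operator who switches the storage option to plain text is also the one who would need to switch the auth mechanism to PLAIN, which is exactly the "trust the operator" point made in this thread.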

@ancommie @gcupc @dajbelshaw @RussSharek @colinl

Even still, the admin could change the source code of ejabberd or change the option to plain text.

The server software doesn't really matter. What matters is how much you trust the server operator. Regardless, OMEMO and choosing a server run by a community you trust to not hand out your metadata rather than a corporation should give you peace of mind.