What advantage does Signal protocol have over basic public key encryption?
Punk-BatSoup-Stasi 2.0
punks at tfwno.gf
Mon Jan 25 14:28:00 PST 2021
On Mon, 25 Jan 2021 14:06:51 -0500
Karl <gmkarl at gmail.com> wrote:
> > On 1/24/21, David Barrett <dbarrett at expensify.com> wrote:
> >> Hi all, I'm the CEO a company called Expensify, developing a new open
> >> source chat application at https://Expensify.cash. I was pretty
> >> prolific on the p2p-hackers mailing list back in the day, but this is my
> >> first post to Cypherpunk, so... hi!
> >
> > Punk's comment on javascript has merit. It's hard to secure
> > javascript. It's gotten easier, but it's still designed for the web,
> > where everything you do is handed to you by a stranger.
>
> Re Signal and Javascript, Signal offers its code in a signed binary,
> and offers the source to that binary for anybody to build and check.
> I'm not aware that javascript has a way to provide cryptographic
> signatures of its code, but I've been out of the loop for a while.
yeah the 'javascript model' is : you automatically run un-audited, obfuscated random garbage from random arpanet websites. The way 'javascript' is used is of course insane...and malicious.
It's funny to see people "developing a new open source chat application" who can't even make a basic website which isn't fucking malware.
On the other hand it should be obvious that nobody should touch mr barrett's "app" even with a ten foot pole given the way he treats the visitors to his site.
>
> Basically a number of the design choices around signal demonstrate
> trust. Some do not. But more than most projects out there.
More information about the cypherpunks
mailing list