On 13.04.19 00:17, Kevin Steen wrote:
> On 12/04/2019 11:51, Abel Luck wrote:
>>>>
>>>> If you still have Riot open and it hasn't logged you out yet, you need
>>>> to export your E2E room keys so you don't lose your chat history.
>
> There's something I don't understand with these E2E keys - are they not
> actually stored in the end devices?
>
> How come, now that we've all been logged out, we can't access those
> keys? Are they actually stored on the server?

The Riot clients, for better or worse, are set up to delete the local
decryption keys when their login token is no longer valid. (Otherwise you
couldn't back up the keys from a currently offline device.)

>
> I've tried to find and read the spec on these things, but if anyone can
> explain in simpler language I'd appreciate it!
>
>
> In extreme paranoia mode, I've noticed a few things which may or may not
> be related:
> + They recently added the "feature" allowing the backup of keys from the
> app to the server.

While the implementation landed rather recently, this feature was planned
for a long time already. See for example here for a lot of background
considerations:
https://moderncrypto.org/mail-archive/messaging/2017/002471.html

> + They stopped publishing changelogs and went with the slimy google
> approach of "we're always adding new features, just allow your app to
> auto-update"

Not sure what changelogs you are reading but all changelogs are here:
https://github.com/vector-im/riot-android/releases
or
https://github.com/matrix-org/synapse/releases
or
https://github.com/vector-im/riot-web/releases

> + They forcibly logged everyone out

Yes, that is what you need to do when someone got potential access to all
active sessions.

> + The emailed advice to users extolls the virtues of the "backup your
> keys to the server" option.
>
> Has there been some rubber-hose cryptography applied to the Matrix team
> to modify the ecosystem to make life easier for the 3-letter agencies?
>
> -Kevin
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email: [email protected]
>

Marcus
