we understand the limitations of AES-GCM, and they do not apply here, but we will revalidate it.
Groups don't use shared keys, they are based on pairwise ratchets.
The encryption scheme evolved with the addition of sntrup761 to double ratchet, and if AES-GCM proves suboptimal, it can be replaced too.
Also, it is customary to follow a process to report vulnerabilities: https://simplex.chat/security/
Doing it in public forum hurts your credibility.
SimpleX Chat /
npub1gs…zfy6l
2024-05-17 18:33:26
in reply to nevent1q…4qfc
Author Public Key
npub1gsunl7x2y8ka4rn72y9zmzh0j8ntw8ln3956dxe4vg2mldpt4svsuzfy6lPublished at
2024-05-17 18:33:26Event JSON
{
"id": "5ec458e5b0fe182501a4b52e333cbe4cd390060994763fa5d525f8e1eb848d28",
"pubkey": "44393ff8ca21edda8e7e510a2d8aef91e6b71ff38969a69b356215bfb42bac19",
"created_at": 1715963606,
"kind": 1,
"tags": [
[
"e",
"5454e95cbe4aeceaf5561069099f1c329682bfe54d87648eead101a737b920bb",
"",
"root"
],
[
"proxy",
"https://mastodon.social/@simplex/112457390928922305",
"web"
],
[
"p",
"7242fe8980b966af4bc244f32a570329a50a19594896e1707268651ae7b4638a"
],
[
"e",
"bc18c62ce40787321e2f855e2491ea7607451d2038ff9ea1adf9ff9e1c89cc4a",
"",
"reply"
],
[
"p",
"fa2151f367b7a79bbd16adcc24cd9adc17b703d25d56c33211b349f755802e79"
],
[
"p",
"d41a7666ebcef50bb1b20943b5fea0e8147b4a035977ef4524049e5690ae735e"
],
[
"p",
"44393ff8ca21edda8e7e510a2d8aef91e6b71ff38969a69b356215bfb42bac19"
],
[
"proxy",
"https://mastodon.social/users/simplex/statuses/112457390928922305",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.social/users/simplex/statuses/112457390928922305",
"pink.momostr"
]
],
"content": "we understand the limitations of AES-GCM, and they do not apply here, but we will revalidate it.\n\nGroups don't use shared keys, they are based on pairwise ratchets.\n\nThe encryption scheme evolved with the addition of sntrup761 to double ratchet, and if AES-GCM proves suboptimal, it can be replaced too.\n\nAlso, it is customary to follow a process to report vulnerabilities: https://simplex.chat/security/\n\nDoing it in public forum hurts your credibility.",
"sig": "ff7881d2fec69bf5b702b4ff66f6696b27487858f1281b30a9f2ee286774efe7e65f8b1609319e7f098b8bbe06fbff5bf2bab09d19213a42d9e0205366a60fec"
}