#libolm — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #libolm, aggregated by home.social.
-
Any #nixos maintainer here who'd be up to reviewing a PR ? The cryptographic library #libolm no longer builds on nixpkgs for macOS - this sadly still is a critical dependency for a major share of the matrix ecosystem, I'd appreciate to just get the fix merged quickly.
https://github.com/NixOS/nixpkgs/pull/381493
(Boost ok)
-
@Forbearance
> An irate blue wolf told me that Matrix was afflicted with a Library of Olms and we shouldn't use itThis person is spreading FUD.
"The CVEs have since been edited post-submission to conflate libolm with the Olm protocol itself. A genuine protocol vulnerability would be much more serious so we are working with MITRE to clarify."
https://matrix.org/blog/2024/08/libolm-deprecation/
libolm has been formally deprecated in favour of a new Olm library.
-
FYI: A ton of third party #Matrix clients use the deprecated #libolm library for end-to-end encryption which suffers from multiple vulnerabilities:
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
libolm has now been deprecated: https://gitlab.matrix.org/matrix-org/olm/-/commit/6d4b5b07887821a95b144091c8497d09d377f985
These vulnerabilities appear to be known for quite a while now but are not a considered serious issues by authors of other Matrix clients.There is a "new" #Rust based crypto library called #vodezemac that has been used by the official #Element clients for about 2 years.
#FluffyChat and #Nheko are working on their clients:
https://github.com/krille-chan/fluffychat/issues/1258
https://github.com/Nheko-Reborn/nheko/issues/1786#issue-2441024627
Keep in mind that these clients are personal projects maintained by their authors in their free time. Element has a dedicated team for security aspects.Edit: This post has been edited to include some corrections
-
FYI: A ton of third party #Matrix clients use the deprecated #libolm library for end-to-end encryption which suffers from multiple vulnerabilities:
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
libolm has now been deprecated: https://gitlab.matrix.org/matrix-org/olm/-/commit/6d4b5b07887821a95b144091c8497d09d377f985
These vulnerabilities appear to be known for quite a while now but are not a considered serious issues by authors of other Matrix clients.There is a "new" #Rust based crypto library called #vodezemac that has been used by the official #Element clients for about 2 years.
#FluffyChat and #Nheko are working on their clients:
https://github.com/krille-chan/fluffychat/issues/1258
https://github.com/Nheko-Reborn/nheko/issues/1786#issue-2441024627
Keep in mind that these clients are personal projects maintained by their authors in their free time. Element has a dedicated team for security aspects.Edit: This post has been edited to include some corrections
-
FYI: A ton of third party #Matrix clients use the deprecated #libolm library for end-to-end encryption which suffers from multiple vulnerabilities:
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
libolm has now been deprecated: https://gitlab.matrix.org/matrix-org/olm/-/commit/6d4b5b07887821a95b144091c8497d09d377f985
These vulnerabilities appear to be known for quite a while now but are not a considered serious issues by authors of other Matrix clients.There is a "new" #Rust based crypto library called #vodezemac that has been used by the official #Element clients for about 2 years.
#FluffyChat and #Nheko are working on their clients:
https://github.com/krille-chan/fluffychat/issues/1258
https://github.com/Nheko-Reborn/nheko/issues/1786#issue-2441024627
Keep in mind that these clients are personal projects maintained by their authors in their free time. Element has a dedicated team for security aspects.Edit: This post has been edited to include some corrections
-
FYI: A ton of third party #Matrix clients use the deprecated #libolm library for end-to-end encryption which suffers from multiple vulnerabilities:
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
libolm has now been deprecated: https://gitlab.matrix.org/matrix-org/olm/-/commit/6d4b5b07887821a95b144091c8497d09d377f985
These vulnerabilities appear to be known for quite a while now but are not a considered serious issues by authors of other Matrix clients.There is a "new" #Rust based crypto library called #vodezemac that has been used by the official #Element clients for about 2 years.
#FluffyChat and #Nheko are working on their clients:
https://github.com/krille-chan/fluffychat/issues/1258
https://github.com/Nheko-Reborn/nheko/issues/1786#issue-2441024627
Keep in mind that these clients are personal projects maintained by their authors in their free time. Element has a dedicated team for security aspects.Edit: This post has been edited to include some corrections
-
FYI: A ton of third party #Matrix clients use the deprecated #libolm library for end-to-end encryption which suffers from multiple vulnerabilities:
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
libolm has now been deprecated: https://gitlab.matrix.org/matrix-org/olm/-/commit/6d4b5b07887821a95b144091c8497d09d377f985
These vulnerabilities appear to be known for quite a while now but are not a considered serious issues by authors of other Matrix clients.There is a "new" #Rust based crypto library called #vodezemac that has been used by the official #Element clients for about 2 years.
#FluffyChat and #Nheko are working on their clients:
https://github.com/krille-chan/fluffychat/issues/1258
https://github.com/Nheko-Reborn/nheko/issues/1786#issue-2441024627
Keep in mind that these clients are personal projects maintained by their authors in their free time. Element has a dedicated team for security aspects.Edit: This post has been edited to include some corrections
-
I am disappointed that @matrix didn't publish any response to the Soatok post.
At least to provide some context about
- Why was an insecure crypto implementation knowingly chosen for libolm?
- Why was the fact that libolm is potentially insecure not clearly communicated?
- Why was the crypto implementation not replaced sooner?
- Why is the ecosystem so slow to start using the Rust rewrite?
- Does the foundation plan to do anything about that? -
Work on the [#matrix] POSIX SDK is now in a stage that runtime configuration and object initialization is finally working - using pure POSIX shell 🎉 !
Though there are only some few Client Server API endpoints implemented yet, the SDK is on a good way to an alpha version.
-
Started working on a proper [#matrix] Bash SDK - aiming to be POSIX compatible, minimal in dependencies and to support E2E encryption.
-
Got #FluffyChat builds on Windows working with #libolm bundled for encryption support. I hope we can officially ship Windows builds with the next release 🎉!