
Yes, Matrix is properly end-to-end encrypted (with all keys generated clientside) and has been independently audited as such: https://www.nccgroup.trust/us/our-research/matrix-olm-crypto.... We have gone to huge efforts to prevent MITMs via device verification and cross signing - which specifically addresses both problems of a) losing chat history when you move between devices (via https://github.com/uhoreg/matrix-doc/blob/e2e_backup/proposa...) and b) requiring cross-signing when you log in on a new device, to spread trust to new logins, as per https://github.com/uhoreg/matrix-doc/blob/cross-signing2/pro....

All keys are stored clientside, with the exception of if you enable serverside key backup, when they are then encrypted and optionally stored serverside to allow you to recover your history if you lose all your devices.



Just to confirm, if I turn off backup, does anything stop working aside from needing at least one device to be operational at any given time?

Edit: Specifically, is key backup tied to the ability to recover account history on a new device, or can I still get that with key backup disabled as long as I have at least one other device active?

Edit 2: Can you address this paragraph:

> One point for super-paranoid users: currently the private key used to sign your own devices and the private key used to sign other users are encrypted by your recovery passphrase/key and stored on the server to allow recovery if you lose all your devices. We also allow signing keys to be shared (gossiped) between devices, but right now the implementation also stores them encrypted on the server too. This restriction will be fixed in future, but for now if you don’t trust your server with encrypted keys, you may want to hold off on using cross-signing.

If I understand correctly, sounds like security is based on the complexity of your recovery passphrase and an implicit assumption that the passphrase doesn't get transmitted to the server... is that correct?


If you turn off message key backup, all it means is that if you lose all your devices (and thus your keys), you will lose your history. Otherwise, if you have at least one device active on your account, it will receive your message keys and gossip them (if needed) with your other devices. You can always do a manual offline backup too for safekeeping as a workaround.

> If I understand correctly, sounds like security is based on the complexity of your recovery passphrase and an implicit assumption that the passphrase doesn't get transmitted to the server... is that correct?

If you use cross-signing, then yes - your signing keys are stored protected by the recovery passphrase on the server. We also support gossiping them between devices (same as message keys), and there's no reason for them to have to persist on the server. We just need to hook up the UI to expose that as an option and we ran out of time to do that before shipping the initial release. It will follow shortly.
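An added sketch of the arrangement discussed in this thread (not code from the thread or from Matrix): the client stretches the recovery passphrase into keys, encrypts the signing key locally, and uploads only the resulting blob, so the server never receives the passphrase or the plaintext key. The function names, the PBKDF2 parameters and the HMAC-based keystream (a standard-library stand-in for a real cipher such as AES) are assumptions of this example, not Matrix's actual backup format.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this sketch, not a Matrix parameter

def _derive(passphrase, salt):
    # Stretch the passphrase client-side into an encryption key and a MAC key.
    okm = hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode: stand-in for a real stream cipher (assumption).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def wrap_for_server(passphrase, signing_key):
    """Runs on the client. The returned dict is everything the server stores."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(passphrase, salt)
    stream = _keystream(enc_key, nonce, len(signing_key))
    ciphertext = bytes(a ^ b for a, b in zip(signing_key, stream))
    mac = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ciphertext": ciphertext, "mac": mac}

def unwrap_on_new_device(passphrase, blob):
    """Runs on the client after download. Raises ValueError on a wrong passphrase."""
    enc_key, mac_key = _derive(passphrase, blob["salt"])
    body = blob["salt"] + blob["nonce"] + blob["ciphertext"]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["mac"]):
        raise ValueError("wrong passphrase or tampered backup")
    stream = _keystream(enc_key, blob["nonce"], len(blob["ciphertext"]))
    return bytes(a ^ b for a, b in zip(blob["ciphertext"], stream))

if __name__ == "__main__":
    key = os.urandom(32)  # constructed stand-in for a private signing key
    blob = wrap_for_server("correct horse battery staple", key)
    assert unwrap_on_new_device("correct horse battery staple", blob) == key
    print({name: value.hex() for name, value in blob.items()})
```

Everything in the stored blob is safe to reveal only to the extent the passphrase resists offline guessing, which is why the work factor and passphrase strength carry the security here.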



