
https://element.io/en/help#encryption-device-verification

> After Alice logs in on a new device, she uses her cryptographic identity to demonstrate to Bob that the new device genuinely belongs to her, rather than being added by someone else with access to her account. She can do this either by entering her recovery key (which gives the new device immediate access to her cryptographic identity), or by carrying out an interactive verification from an existing verified device.



So is this like the Signal PIN which is required when installing on a new device? If you forget, the cryptography changes and old contacts are warned that signatures are rotated, right?


Yes, the purpose is the same but the UX is a bit different.


Quite. I have yet to manage a verification between clients.

I have had all variations of clients ignoring requests, reporting requests only for the requesting client to ignore the response, both ends quitting and declaring that the other end cancelled, and asking for the other end to input a code while the other end shows no interface for doing so.

It marked the end of me using Matrix as a platform. I'd go back to the old IRC channels if there were anyone still there.


I have never failed at that. Worst case I type my recovery key and done.

I still have my encrypted messages available from 2020.


People still use IRC


If by "bit different" you mean absolute nightmare, then yes.


imho it's the best out there

- no unnecessary coupling to a phone client

- no coupling to any other client - I can just put my recovery key in and be verified without having to deal with other apps.


More like the safety number / QR code.

The numerical Signal PINs are basically just for when you bootstrap your Signal identity from a telephone number.


Except Signal PIN appears to be trivial to brute-force for Signal itself, unlike this properly secure verification.



