bitchat has a trivial MITM flaw with the favorite's identity system. i wrote up my thoughts around vibe coding cryptographic security and rolling a new protocol
NitpickLawyer•7mo ago
Are there any tell-tale signs of vibecoding in the code base? Or are we at the point where we're using it as a pejorative for bad code?
spr-alex•7mo ago
i am not using it as a pejorative here, I am pretty sure that is the case for this code base, as every block has a comment describing the code that immediately follows
also i do not doubt jack's cryptography and encryption understanding, so this particular MitM flaw is almost certainly not what human steering would put together. x25519 APIs makes it both easy and simple to do identity persistence correctly, the code simply doesn't use the identity key cryptographically.
zith•7mo ago
I guess "don't roll your own crypto" is as valid as ever.
31337Logic•7mo ago
I'll stick with Briar, thanks.
d00mB0t•6mo ago
Sounds like a feature and not a bug. 'Secure' but with enough holes for three letter agencies.
spr-alex•7mo ago
NitpickLawyer•7mo ago
spr-alex•7mo ago
also i do not doubt jack's cryptography and encryption understanding, so this particular MitM flaw is almost certainly not what human steering would put together. x25519 APIs makes it both easy and simple to do identity persistence correctly, the code simply doesn't use the identity key cryptographically.