Grab Your Popcorn, I Have Haters
Last week, I wrote a blog post about Session (a fork of Signal that a few folks have asked me about).
A few days later, Session’s developers responded. Their response was lame (to put it mildly), so over the weekend I wrote a follow-up blog post with proof-of-concepts for Ed25519 with short seeds.
But in the interim couple of days between Session’s blog and my retort, a lot of people felt the need to weigh in on social media.
None of these people know me, yet they insisted on… well, see for yourself.
Shrill About “Shill”
WOW! The guy who wrote that blog is a garbage human being. HE KNEW HE WAS WRITING A HIT PIECE! He didn't even know most of what he was talking about. The Android thing is what really made me believe he is just a shill. Someone paid him. Also you are RIGHT PoC should be done
— Jason Hammond (@JasonHa98341435) January 17, 2025
I Guess I Never Miss, Huh?
Ouch. If you're going to take a shot, you best not miss. Soatok done screw up bad this time. https://getsession.org/blog/a-response-to-recent-claims-about-sessions-security-architecture
— Andrew Gallagher (@andrewg.mastodon.ie.ap.brid.gy) 2025-01-17T10:16:24.149Z
(Don’t worry, I already told him. I just don’t use Twitter anymore.)
A Lack Of Understanding Of Basic Cryptographic Primitives
The "Don't Use Session (Signal Fork)" post shows a tragic lack of understanding of basic cryptographic primitives and Session's protocol. The post claims the signature validation code of a message "reduced the utility of Ed25519 to that of a CRC32". But immediately following the… pic.twitter.com/zrBw0vGceN
— scriptjunkie (Matt) (@scriptjunkie1) January 15, 2025
This one was barely coherent, like a stream-of-consciousness from someone whose high wore off twenty minutes ago but they haven’t realized it yet.
There’s a lot that can be said about this sort of conduct. But I’ll be terse: Sunlight is the best disinfectant.
Interesting Reading Material
Matrix (remember them?) is having a hell of a time.
Matthew Green wrote about AI and end-to-end encryption. The outlook doesn’t look good.
Quanta Magazine has an article about kissing and balls touching. (Sounds gay, I’m in.)
Eugen stepped down as Mastodon CEO. I don’t actually know the guy that well, but it’s surprising when someone with power actually does this sort of thing.
Snyk touched the live NPM package ecosystem during a security test, which didn’t end well.
Are you interested in hardware hacking? There’s now an open source wiki that might be of interest to you!
The FTC sues John Deere. Right to repair advocates rejoice!
Until next time!