Don’t Use Session (Signal Fork) [Article]

I read this today. But I’m not an expert. I need your comments.

7 Likes

Question: why did Session take the decision to remove forward secrecy, and for what purpose?

They claim in a 2020 blog post that their motivation is:

The simple fact of the matter is that Session provides protections against these types of threats in other ways — through fully anonymous account creation, onion routing, and metadata minimisation, for example. These protections will prove as effective, or more so, in many real-world scenarios within Session’s scope and threat model.

They think this is a replacement for KCI security. I disagree.

7 Likes

It’s wild too because SimpleX Chat has their private routing now so it’s clearly possible to have all the features session offers and more while keeping PFS.

7 Likes

How do you think this slipped past their audit?

Like I said in the topic regarding 1Password and open source, audits aren’t a silver bullet.

3 Likes

I can only speculate, as I don’t recognize any of the names on the Quarkslab audit from 2021. The blog post announcing it also mentions the review of all 3 apps was timeboxed to 10 days. The timeline in the audit report PDF made me think it was a much longer project than that.

Neither of the “R&D Engineer” employees listed on the report have done much publicly since 2021. I don’t see any cryptographers on the roster, either.

All in all, I can speculate about all the ways this could have slipped past. But I wasn’t there, so who knows?

They did identify the weak entropy issue, on each app platform, but decided it wasn’t a big issue.

Now, having been in a vaguely similar boat earlier in my career, what I think happened (grain of salt, please; I wasn’t actually there) is something shaped vaguely like:

  • Engineer: “Hey, we found this!”
  • Oxen team: “Is it exploitable?”
  • Engineer: “Hmm, I dunno. Maybe?”
  • Oxen team: “Well, we deliberately do this so the recovery phrases are only 13 words, not 25. It should be fine.”
  • Engineer: “Yeah, I can’t argue with that. Maybe if I had time to poke around more and write a PoC…”
  • Manager: “We don’t have time budgeted for this kind of research. Let’s move on.”

At least, that’s what I imagine happened when I read their statements in the finding.

3 Likes

Correct.

You might be interested to hear, I’ve also looked at 1Password before (as well as LastPass). I wrote about my experiences here.

Takeaway: Based on how both vendors responded to my reports, I would absolutely trust 1Password over LastPass. I can’t speak to Dashlane, Bitwarden, etc. of course.

6 Likes

That tracks lol

1 Like

I guess this is another example of how audits are not the security fairy dust people make them out to be.

In any case, thanks for the info on this, it’s highly informative and I will be discussing with the team how to move forward. We will most likely be delisting Session.

As a side note, folks with proper knowledge about cryptography are very hard to come by, would you mind if I reached out to you in the future if I were to have a question about certain platforms or services regarding their cryptography implementation? I highly respect the work that you do.

9 Likes

Thanks for the kind words. I’d be happy to share my opinions as needed.

8 Likes

That would be ideal yeah. At this point I don’t think it offers anything you can’t get elsewhere anyway.

10 Likes

A lot of this cryptography talk goes above my head, but if the issues are as serious as they seem it makes me lose all the hope I had for Lokinet; if they don’t have good cryptography for their main product, they will surely screw up something on their onion router.

Something something, threat model. The author notes in the article that some of the criticisms are contested and it appears fairly theoretical. If someone can’t or won’t use Signal, I’d think Session is still far preferable to some alternatives.

To me “Don’t use” might be hyperbolic. If you didn’t have a phone number, certainly preferable to use Session over some other alternatives.

Thanks for introducing your blog @soatok I’ve bookmarked it.

I agree, we need more cryptographers on here to weigh in with their expert opinions and cryptanalysis. :smiley:

I’ve been a big fan of Bruce Schneier, going back to his Blowfish and Twofish algorithms (the latter was even a finalist for NIST’s AES contest, despite Rijndael winning out in the end).

Cryptography is one of those subjects where I tend to defer to trusted subject matter experts (like Bruce). The complex algebra is beyond me! :laughing:

One of the first cryptography books I ever read (sheerly due to availability in my library) was his book describing the Twofish block cipher. At the time (2010), I didn’t understand a lick of the advanced math, but I really wanted to.

I sometimes quote Schneier, but I’ve since come to know a lot of cryptographers and they’re mostly excellent people. Unfortunately, there aren’t nearly enough people with expertise in this field in the world, so their time is highly prized.

(If anyone is interested in learning, SalusaSecondus maintains an excellent Getting Started page.)

2 Likes

As a result, will Session be delisted from PG? :slight_smile:

As stated above by a PG team member

Welcome to the community!
I had never seen your blog before and I find it amazing :+1::+1: Nice to read about cryptography in messenger apps, cryptocurrencies and to get to know the furry fandom.

A response from the Session team, I guess:

1 Like