Security Protocol #9480

Closed
c0fe opened this issue Jan 23, 2018 · 8 comments

Comments

@c0fe

c0fe commented Jan 23, 2018

I have tried to locate the information on whether or not Rocket.Chat uses a security protocol and specifically if it uses the Signal Protocol developed by WhisperSystems.

I know it was one of the Google Summer of Code but beyond one article I found nothing else. Can anyone advise on this?

@soundstorm
Contributor

RC is storing messages in plaintext; encryption only by HTTPS transfer AFAIK.

@c0fe
Author

c0fe commented Jan 24, 2018

That is nuts, are there any plans to change that?

@AmShaegar13
Contributor

AmShaegar13 commented Jan 24, 2018

This would go against one of the core features of Rocket.Chat. Messages are stored server-side and you can access them from everywhere with any device. With a security protocol like those you are asking for this should be nearly impossible.

Although, there is a plan to implement OTR, which has the aforementioned limitation. You cannot access messages from different devices nor from the same device after the current session has been closed.

@coder-hugo

@AmShaegar13 this isn't correct. In your mentioned issue there are also discussions about using OMEMO for OTR messages. This is a multi-end-to-multi-end encryption and allows you to read your encrypted messages that are stored server-side on different devices without the need to exchange keys between your devices. There is just one important thing: All your devices must be registered on the server before the encrypted message was sent. So new devices can't decrypt old messages. I'm using the OMEMO encryption on my private Jabber server and this works pretty well.
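
A simplified model of the multi-device behaviour described in the comment above, added here as an illustration; it is not code from Rocket.Chat or from the OMEMO specification. OMEMO maintains a Double Ratchet session per device; this sketch substitutes a one-shot X25519 exchange per device to show why a device registered after sending has nothing to decrypt. All function and device names are hypothetical.

```javascript
const crypto = require('node:crypto');

// A device keeps its X25519 private key; only the public key is registered with the server.
function newDevice(name) {
  return { name, ...crypto.generateKeyPairSync('x25519') };
}

// Derive a 32-byte AES key from the X25519 shared secret (HKDF-SHA256).
function wrappingKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'demo-key-wrap', 32));
}

function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}
function unseal(key, box) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]); // throws on a wrong key
}

// Sender: encrypt the body once, then wrap the message key for every device registered
// right now. Only each device's name and public key are read here.
function encryptFor(registeredDevices, text) {
  const messageKey = crypto.randomBytes(32);
  const ephemeral = crypto.generateKeyPairSync('x25519');
  const slots = {};
  for (const { name, publicKey } of registeredDevices) {
    slots[name] = seal(wrappingKey(ephemeral.privateKey, publicKey), messageKey);
  }
  return { senderKey: ephemeral.publicKey, body: seal(messageKey, Buffer.from(text, 'utf8')), slots };
}

// Recipient device: returns the plaintext, or null if the stored message has no slot for it.
function decryptOn(device, stored) {
  const slot = stored.slots[device.name];
  if (!slot) return null;
  const messageKey = unseal(wrappingKey(device.privateKey, stored.senderKey), slot);
  return unseal(messageKey, stored.body).toString('utf8');
}

function demo() {
  const phone = newDevice('phone'), laptop = newDevice('laptop');
  const stored = encryptFor([phone, laptop], 'constructed sample message'); // what the server stores
  const tablet = newDevice('tablet'); // registered only after the message was sent
  return { phone: decryptOn(phone, stored), laptop: decryptOn(laptop, stored), tablet: decryptOn(tablet, stored) };
}
```

The server in this model stores only `stored`, which contains no key it can use: the message key exists solely inside the per-device slots.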

@AmShaegar13
Contributor

Well, I'm no expert. Sounds good to me. Now we need an expert to implement it. That would be awesome.

@c0fe
Author

c0fe commented Jan 31, 2018

I am a bit surprised by this since the Signal app allows you to have encryption and read messages. Same goes for Skype (at least newer versions).

@jfml

jfml commented Feb 25, 2018

@c0fe Yeah, I was just thinking the same thing: Signal can read messages from different devices (I have no idea how messages are stored), so what happened to the plan of implementing the Signal Protocol?

@TwizzyDizzy

@rocket-cat close

Hi folks! Please don't be mad at me, but I'm going to close this as there is no bug involved. Also, for a feature request (use Protocol X) it is not refined enough. But I kindly refer you to the feature request category in the forums: https://forums.rocket.chat/c/feature-requests

Please describe there what you want to be implemented and we'll see what the community is coming up with and what the feedback is.

Cheers
Thomas

@rocket-cat rocket-cat bot closed this as completed Mar 31, 2018