You are reading content from Scuttlebutt
@ev %r6svpbs8bm6Obk1wS1y3tZ2OR8Xdgp5AMYLkz86gBs8=.sha256
{
  "type": "edit",
  "branch": "%eg4ZE7orgCJdYErmsrKMXPIHXJ7to0hZ0kUKn8SeAXQ=.sha256",
  "root": "%I6FaCzdXcKAiZp0LVhwVluDeDkhNPGQXEqNEkUFLq34=.sha256",
  "updated": "%eg4ZE7orgCJdYErmsrKMXPIHXJ7to0hZ0kUKn8SeAXQ=.sha256",
  "original": "%eg4ZE7orgCJdYErmsrKMXPIHXJ7to0hZ0kUKn8SeAXQ=.sha256",
  "text": "I want to give a brief update on the status of this vulnerability/bug.\n\nBetween [@Christian Bundy](@+oaWWDs8g73EZFUMfW37R/ULtFEjwKN/DczvdYihjbU=.ed25519) [@cryptix](@p13zSAiOpguI9nsawkGijsnMfWmFd5rlUNpzekEE+vI=.ed25519) and I, we've determined this to have been an unintentional bug that was introduced when scuttlebot got private indexing, and fixed when the connections layer was introduced.\n\nI think this means many of the folks out there who are using the latest scuttlebot are not effected, and _should_ be able to consider their private messages secure. (Well, as secure as anyone should consider a highly experimental cryptography project that has not been audited by a neutral third party.)\n\nI've taken the preventative step of turning off private messages in my publically served  lite client at http://decent.evbogue.com/ , until I can figure out how to disable private message indexing and/or get it working well with the latest scuttlebot and the lite client. \n\nIf anyone else is using lite clients, you should consider doing the same -- if you're offering connections to peers who are not using the same public/private keypair as the server. \n\nThe only other team I know if who is using lite clients is [@regular](@nti4TWBH/WNZnfwEoSleF3bgagd63Z5yeEnmFIyq0KA=.ed25519) and [@jfr](@e84qV/tx9w1ZiOIxU3+fOpirrT8rP3YqDydRgfk076c=.ed25519), so ccing you guys to make sure you know about this bug. ",
  "mentions": [
    {
      "link": "@+oaWWDs8g73EZFUMfW37R/ULtFEjwKN/DczvdYihjbU=.ed25519",
      "name": "Christian Bundy"
    },
    {
      "link": "@p13zSAiOpguI9nsawkGijsnMfWmFd5rlUNpzekEE+vI=.ed25519",
      "name": "cryptix"
    },
    {
      "link": "@nti4TWBH/WNZnfwEoSleF3bgagd63Z5yeEnmFIyq0KA=.ed25519",
      "name": "regular"
    },
    {
      "link": "@e84qV/tx9w1ZiOIxU3+fOpirrT8rP3YqDydRgfk076c=.ed25519",
      "name": "jfr"
    }
  ]
}
Join Scuttlebutt now
AGPLv3 © ssb-viewer 38c61a5