
In this case authentication is provided through a shared secret (the room name). An arbitrary MitM wouldn't know the room name since the connection to the server is also encrypted. Unfortunately this isn't much of a secret, since the server also knows the room name, but it's a start. There is an open issue to add password-protected rooms which would fix that problem.


In most e2ee threat models the biggest source of threat is the server that mediates the data exchange. Other threats are sufficiently thwarted with TLS, so ... these Briefing guys had better bring on these password-protected rooms if they want to put this end-to-end encryption claim on their website.



