“Early access” currently but I don’t pay for X or anything and it’s there for me. This comes after X were criticised and had all sorts of “backdoor” conspiracy theories being pushed after they took their private encrypted DMs offline the other day to add improvements.
Lmfao, 4 digit password? That’s like 1 femtosecond to bruteforce given whoever tries to access your messages isn’t rate-limited *ahem, feds*
That’s a 4 digits password behind your account password and 2FA lol.
I guess it can be done relatively securely using both the password and the code to derive the encryption key while not storing it on the servers (while 2fa isn’t of any help here given it’s kinda random with shared seed). I, however, doubt it’s done that way: 1st of all, decryption should then only be possible after one enters their account password for the second time, as well as the conversation password (since the password shouldn’t be stored in plaintext after you’ve entered it), and, secondly, that’ll basically drop the chat history as soon as one changes the password, which is neither convenient nor mentioned.
Then, if it works how I assume it does, i.e. the actual encryption key is stored on the xitter’s servers and only retrieved once you enter the encryption password, then they can decrypt your messages (either by immediately using that if the password just tells 'em who they should give the key to, or by bruteforcing the password if it decrypts/derives the actual key), which defeats the whole point of e2ee.
They specifically say they can not decrypt your messages.
Why does everyone in here think that E2E encryption is some insanely hard new thing? It’s been “solved” for years lol. It’s not hard to do.
Because cryptography is hard, especially when you’re trying to do it in a user-friendly manner, with syncing encrypted conversations between devices and whatnot. Like, it’s kinda the whole reason why the classic reply to “how do I make my own encryption algorithm” is “don’t”.
Also, with proprietary platforms you can’t make sure stuff’s encrypted the way they say it is