j@mastodon@mastodon.socialtoMatrix•E2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2: if you use Element or another client which uses those libraries, upgrade ASAP
3·
2 years agoI’m a random user but I did hear some discussion on the potential for this kind of vulnerability a while ago in the XMPP Conversations group chat.
OMEMO does not allow access to previous messages when you add a new device. If the message wasn’t originally encrypted for the target device, the device will not be able to read it. But the best place to ask this question is in that group chat.
@poVoq @sexy_peach
Isn’t matrix also based on session keys?
I think the issue is more about how keys are shared between devices, and access to previous messages granted?