Vitor Pamplona on Nostr: Correct. You have to keep the ratcheting state outside of Nostr, which means that ...
Correct. You have to keep the ratcheting state outside of Nostr, which means that either only one client had access to your DM and/or different clients see different DMs, or that you have a way to import and export the ratcheting state from app to app manually, off from nostr.
The later becomes a better point of attack. You don't need to break the decryption if you can just get the state by attacking the import/export function directly.
Published at
2024-10-11 07:11:06Event JSON
{
"id": "6a36792f81007e7c8671f597468ddcbb291fe26163afbb8165f68fe45d01438e",
"pubkey": "460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c",
"created_at": 1728630666,
"kind": 1,
"tags": [
[
"e",
"7bfbedcbf3a2f51fc7ea787d91a9edc64a74b0783cdca2dc048415a87f1c2914",
"",
"root"
],
[
"e",
"eaa9bc9943a03b8276244c5ee70da459a89a3afaf455c667bbc01e1445e38bb7",
"",
"reply"
],
[
"p",
"4523be58d395b1b196a9b8c82b038b6895cb02b683d0c253a955068dba1facd0"
],
[
"p",
"577de06dce160a0379163a4bb7b680be3e0a0e1c68de6e6ba8c01134b44064dd"
]
],
"content": "Correct. You have to keep the ratcheting state outside of Nostr, which means that either only one client had access to your DM and/or different clients see different DMs, or that you have a way to import and export the ratcheting state from app to app manually, off from nostr. \n\nThe later becomes a better point of attack. You don't need to break the decryption if you can just get the state by attacking the import/export function directly.",
"sig": "b4d1cb88a16c7d24efa1534978ec5ebd80266125f504b5d7ba6783aab2c2f9935d2da0e44ed37dd1c5e9a90a72fd3b90f7b73811bf9c130a2f5af9591d3b4acc"
}
