please add protection against MiTm attacks

azdwerf · February 11, 2025, 6:13am

denschub · February 11, 2025, 6:14am

Please elaborate what you think a MitM attack is, how and where it affects diaspora*, and what you suggest doing against it.

azdwerf · February 11, 2025, 6:25am

I propose to implement end-to-end multilevel encryption aes 256 with GCM mode with key length 256 bits and encryption of symmetric key with RSA asymmetric encryption with key length 4096 bits and data transfer via TLS v1.3

denschub · February 11, 2025, 6:32am

Okay, you’re either one of those weird spam bots, or you’re a real human that’s just a bit naive, but trying to be helpful. I’ll assume the latter.

You already proposed end-to-end-encryption in an earlier thread, and I linked you to the earlier discussion on that, which also explains why it’s a lot harder than you imagine. In addition to that, I strongly suggest reading up on how the diaspora* protocol works, because you’ll learn that we use a surprisingly strong transport encryption that also verifies sender and message integrity.

If a malicious node administrator hosting you is part of your threat model, you can either host your own pod, or… probably more appropriately, use a project that’s designed for secure communication. diaspora* is not Signal.