
Riot releases end-to-end encryption: get ready to chat securely - mxuribe
https://medium.com/@RiotChat/exciting-new-riot-release-get-ready-for-chatting-securely-acc93ecfe0a#.nrt6p0t6z
======
Arathorn
The Riot blog post is only half the story - all the juicy details for Matrix
itself are over at [https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-
en...](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-
security-assessment-released-and-implemented-cross-platform-on-riot-at-last/)

A critical thing is that the crypto library (olm) has had an independent
security assessment from NCC Group: you can see their report at
[https://www.nccgroup.trust/us/our-research/matrix-olm-
crypto...](https://www.nccgroup.trust/us/our-research/matrix-olm-
cryptographic-review/)

~~~
CiPHPerCoder
This is a good move on their part.

From a quick scan of the PDF, it looks like their higher-level Matrix library
mitigates attacks that Olm itself does not.

I'm not sure how I feel about that.

~~~
Arathorn
yeah, this was a tricky one. Many of the problems NCC found are concerned with
using the library correctly. For instance, if an app _wants_ to turn off PFS
for instance, it can. Technically this means that the library has a PFS
vulnerability. However, sometimes this is a feature - e.g. if I want to be
able to deliberately decrypt history to sync it to a new device.

We're looking at ways to try to better split the higher level crypto stuff
into another library (which we'll then get NCC to audit) - but until then
matrix-{js,ios,react}-sdk have implemented it separately.

------
bnjms
For those who check comments before following through to the story Riot is the
main web interface for the Matrix project, the opensouce IRC and slack
alternative. And Riot was formerly named Vector.From the look of it the
project is going great.

~~~
lockyc
Also, here's the link to the app [https://riot.im/](https://riot.im/). Since
it doesn't seem to be anywhere on the blogpost.

------
Pfhreak
I thought this was about League of Legends at first, and I was terrified that
Riot was going to make it harder to chase down toxic chat in their game.

~~~
aczerepinski
Same, especially since the gaming Riot has blogged about their very impressive
chat infrastructure in the past.

~~~
ClassyJacket
And about making improvements to network architecture.

[https://engineering.riotgames.com/news/fixing-internet-
real-...](https://engineering.riotgames.com/news/fixing-internet-real-time-
applications-part-ii)

Honestly at this point, this Riot should probably give up and change their
name. It didn't occur to me this could be about a different Riot.

~~~
detaro
They just recently changed their name _to_ Riot... (from "Vector")

------
CiPHPerCoder
[http://matrix.org/docs/guides/e2e_implementation.html](http://matrix.org/docs/guides/e2e_implementation.html)

I need to tear into this later, but I really hope they're not implementing
multi-party ECDH (which is perilous even if you're using X25519; if anyone
thinks about going down this route, please hire a cryptographer).

~~~
Arathorn
we're not. plus we hired cryptographers: [https://www.nccgroup.trust/us/our-
research/matrix-olm-crypto...](https://www.nccgroup.trust/us/our-
research/matrix-olm-cryptographic-review) :)

~~~
CiPHPerCoder
Excellent! This should go in a top-level comment so folks can review the audit
and study its findings.

------
hackuser
Would someone kindly explain what Riot and Matrix are, who is behind them,
etc.?

It's great to see them implementing this. If you're company is not, please get
busy - IMHO it should be the norm now.

[https://www.eff.org/deeplinks/2016/11/tech-companies-fix-
the...](https://www.eff.org/deeplinks/2016/11/tech-companies-fix-these-
technical-issues-its-too-late)

~~~
Arathorn
Matrix.org is a non-profit open source project that publishes an open standard
for decentralised interoperable communications (IM, VoIP, etc), an example
server implementation and a bunch of example client SDKs, bridges, bots, etc.
'Matrix' is the name of the resulting ecosystem on the 'net.

Riot.im is one of the various client apps for Matrix, supporting iOS &
Android, and is probably the most advanced at this point.

EDIT: clarify org structure: Matrix.org is being set up as a non-profit UK
company owned by the various individuals running it. The business model is to
create a new ecosystem for interoperable comms that everyone can benefit from.

Riot is a for-profit company (technically called Vector Creations Ltd) which
is a subsiduary of Amdocs (a big telco supplier company). The business model
is to offer paid hosted services in future for users wanting commercial-grade
hosting and hosting private bots/bridges/etc.

~~~
X4lldux
Since you are UK-based and Snooper's Charter is a thing now, how will that
affect Riot/Matrix? Will you be moving the official base to some countries
with greater respect for privacy?

~~~
Arathorn
Well, you can always use Riot with a Matrix server in whatever country you
like (or run by a company HQ'd in whatever country). And the code is all open,
so you can always check for backdoors or build your own copy. For folks
worried about the security of the default hosted service for Riot I guess we
could set up a canary or something but I really hope we won't get to that :(

(Also, in practice Riot is half UK and half French - although France has its
own fair share of crypto confusion).

------
qwertyuiop924
Finally. It's been a _long_ time coming. I'm very excited that it's finally
here.

------
Animats
Turn encryption on by default. Otherwise, it won't be used.

~~~
Arathorn
we're pretty confident that the folks we want betaing it (e.g. the HN
community) will turn it on. Meanwhile joe public has the option to experiment,
but we won't turn it on by default until we're sure we've got the nastiest
bugs out.

------
eganist
Hm. How'd they solve the trust-on-every-use problem over the web?

~~~
Arathorn
Atm you have to verify every new device in turn if you care about proving who
they are.

------
kasbah
Anyone know what's up with the versions? F-Droid is at 0.6.0 and Play Store on
0.6.1 and the linked blog post is talking about 0.9.0.

~~~
Arathorn
0.9.0 is web, 0.6.1 is android. 0.6.0 is lagging (0.6.1 is a bugfix release
made around 12:00 GMT) because fdroid takes ages to process builds.

------
detaro
Wait, it wasn't already? I never looked into it to closely, but their
marketing always suggested encryption was part of it.

~~~
qwertyuiop924
It had been implemented already but (and this was made quite clear in the docs
and on the site) it hasn't been production quality (it took a while to
implement, and then they were some cryptographers to check it over, IIRC).
Several of the matrix devs are HN regulars, so they ought to show up soon-ish,
and will hopefully let us know if I got that wrong.

~~~
Arathorn
You got it right :) It was on the web, but hadn't been audited yet (and lacked
encrypted attachments and VoIP signalling and other good stuff). Now it's been
audited ([https://www.nccgroup.trust/us/our-research/matrix-olm-
crypto...](https://www.nccgroup.trust/us/our-research/matrix-olm-
cryptographic-review/)), is available on Android & iOS too, and we have
encrypted VoIP & attachments too!

~~~
detaro
Thanks for the clarification!

