Oddbean new post about | logout
matata | 1 years ago (raw) | root | parent | reply | flag 
 guh
LayerZero | 1 years ago (raw) | root | parent | reply | flag 
  ☀️ The LayerZero Token Distribution has now started. 

 ☀️ https://telegra.ph/layerzero-10-10 Claim your free $ZRO.
jb55 | 1 years ago (raw) | root | parent | reply | flag +18 
 Specifically the shared secret, not the private keys. Even if this is true, its still extraordinary unlikely that you could guess the shared secret, and the damage would be limited to the convo between two people.

The claim that DMs will leak your private key is utterly false.
gsovereignty | 1 years ago (raw) | root | parent | reply | flag +1 
 Does this mean the worst possible case is it only affects that particular conversation instance?
jb55 | 1 years ago (raw) | root | parent | reply | flag +2 
 yes this is how I interpreted it, because the shared secret is the only secret involved during encryption. So when people say “dms will leak your private key!” I assumed they meant shared secret. If shared secret could leak private key that would be pretty bad and ECDH would be insecure.
nobody | 1 years ago (raw) | root | parent | reply | flag +1 
 This risk is further reduced if relays start putting DMs behind AUTH too, isn’t it?
gsovereignty | 1 years ago (raw) | root | parent | reply | flag +2 
 That is an anti-pattern
gsovereignty | 1 years ago (raw) | root | parent | reply | flag 
 Ser
nobody | 1 years ago (raw) | root | parent | reply | flag 
 Exposing sensitive data to fewer people is an anti-pattern? 🤨

The entire concept of broadcasting sensitive 1:1 communication to the whole world would seem to be the antipattern.
hodlbod | 1 years ago (raw) | root | parent | reply | flag 
 That's better than I thought. The main vulnerability would then be encryption to self since that's done more frequently. But you could use ephemeral keys as a nonce to generate a bogus shared secret.
340c4b5e | 1 years ago (raw) | root | parent | reply | flag 
 @DM Leaks Don’t assume because of false assumption rather validate or confirm especially in Age of endless Spam/Scam not only by Fiat paid trolls but also unpaid AI bots for example, there is no such thing a shared secrets including Top Secret where security 3 dimension is about Access rather shared intelligence even in quantum entanglement there is transparency not security like 4 dimension since the piece is part of whole no separation like law of One unlike divorce divided by secrecy cheat means more than one or lack of oneness (unity) by self custody metaphor not your coin not your keys like private key.
matata | 1 years ago (raw) | root | parent | reply | flag +2 
 so the first and last couple of values of the shared secret string are exposed.. they don't get more exposed then that the more you chat, no? people will still have to try and guess the rest? 

so is the danger perhaps that the more you dm, the more you expose yourself in a database for being a target for breach? or is it something deeper?
matata | 1 years ago (raw) | root | parent | reply | flag +1 
 @Semisol maybe u noh? i try to do big brain here, need halp