delta.chat advertises that they provide “🔒 Audited end-to-end encryption safe against network and server attacks”, but if you click through it turns out that supposed audit:
(1) didn’t actually cover their e2ee but only a key establishment protocol and
(2) wasn’t actually an audit. Instead, unprompted, some researchers took a look at that key establishment protocol and found 20(!!) separate flaws. This research was not intended as an audit, nor was it commissioned or paid by delta.chat.
(1) didn’t actually cover their e2ee but only a key establishment protocol and
(2) wasn’t actually an audit. Instead, unprompted, some researchers took a look at that key establishment protocol and found 20(!!) separate flaws. This research was not intended as an audit, nor was it commissioned or paid by delta.chat.
2
