X is now offering me end-to-end encrypted chat. You probably shouldn't trust it yet. | TechCrunch

"The company claims the new communication feature is end-to-end encrypted, meaning messages exchanged on it can only be read by the sender and their receiver, and - in theory - no one else, including X, can access them. Cryptography experts, however, are warning that X's current implementation of encryption in XChat should not be trusted. They're saying it's far worse than Signal, a technology widely considered the state of the art when it comes to end-to-end encrypted chat."
"In XChat, once a user clicks on "Set up now," X prompts them to create a 4-digit PIN, which will be used to encrypt the user's private key. This key is then stored on X's servers. The private key is essentially a secret cryptographic key assigned to each user, serving the purpose of decrypting messages. As in many end-to-end encrypted services, a private key is paired with a public key, which is what a sender uses to encrypt messages to the receiver."
X has rolled out XChat, a messaging feature that the company says uses end-to-end encryption so only senders and receivers can read messages. Cryptography experts warn that XChat's implementation is significantly weaker than Signal. X prompts users to create a 4‑digit PIN to encrypt their private key, and stores the private key on X's servers rather than on user devices. Researchers say server-side key storage allows the company to tamper with or access keys unless keys are protected in Hardware Security Modules (HSMs). X claims to use HSMs but has not provided proof, leaving trust concerns unresolved.
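A 4-digit PIN has only 10,000 possible values, so whatever enforces a limit on guesses carries the real protection for a PIN-wrapped key. The following added example (not code from X, TechCrunch, or the researchers) models this with a toy wrapping format; PBKDF2, the XOR keystream, and every function and class name here are assumptions made for illustration, since the page does not describe X's actual construction.

```python
import hashlib, hmac, os

ITERATIONS = 200  # low so the demo is quick; a slower KDF only scales a 10,000-guess search

def _keys(pin, salt):
    k = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)
    return k, hashlib.sha256(k + b"enc").digest()  # MAC key, 32-byte keystream

def wrap(private_key, pin):
    """Toy PIN wrap of a 32-byte key (constructed format, not X's)."""
    salt = os.urandom(16)
    k, stream = _keys(pin, salt)
    ct = bytes(a ^ b for a, b in zip(private_key, stream))
    return {"salt": salt, "ct": ct, "tag": hmac.new(k, ct, hashlib.sha256).digest()}

def unwrap(blob, pin):
    """Return the private key, or None if the PIN is wrong."""
    k, stream = _keys(pin, blob["salt"])
    tag = hmac.new(k, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], stream))

def search_with_blob(blob):
    """Whoever holds the raw blob can test every PIN with no limit."""
    for n in range(10_000):
        key = unwrap(blob, f"{n:04d}")
        if key is not None:
            return f"{n:04d}", key, n + 1
    return None, None, 10_000

class GuessLimitedStore:
    """Models an HSM-style policy: the blob never leaves, failures are counted."""
    def __init__(self, blob, max_failures=10):
        self._blob, self.failures_left = blob, max_failures
    def unlock(self, pin):
        if self.failures_left <= 0:
            raise PermissionError("locked out")
        key = unwrap(self._blob, pin)
        if key is None:
            self.failures_left -= 1
        return key

def search_through_store(store):
    """The same search, forced through the guess-limited interface."""
    for n in range(10_000):
        try:
            if store.unlock(f"{n:04d}") is not None:
                return f"{n:04d}", n + 1
        except PermissionError:
            return None, n
    return None, 10_000
```

The difference between the two search functions is the whole security argument: the wrapped key is only as safe as the component that counts failures, which is why unverified HSM claims leave the trust question open.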
Read at TechCrunch