Security Expert Advises Against Using Session Messaging App
🔑 Security Expert Warns Against Using Session, a Signal Fork. A recent analysis highlights significant security flaws in the messaging app Session, which has removed crucial features such as forward secrecy, leaving it vulnerable to Key Compromise Impersonation (KCI) attacks. The author criticizes Session's use of Ed25519 keys with insufficient entropy, which compromises its cryptographic security, and points out that public keys are improperly used as symmetric keys in AES-GCM encryption, allowing anyone with the public key to decrypt messages. The app's design decisions also raise concerns about its reliability for privacy-focused users. The expert strongly advises against using Session and urges users to consider more secure alternatives for their messaging needs.
