Hacker News new | past | comments | ask | show | jobs | submit login

Disclaimer: I'm not an expert in this stuff, just a 3rd party client developer who is interested in the topic.

AFAIK, there are two ways to validate a new device in Matrix.

It sounds like you're describing the interactive device validation procedure. After that, your two devices trust each other, and the old device can "cross sign" the public key of your new device, so others can trust it too.

Personally for me, even with cross-signing, I was still getting a significant number of messages that failed to decrypt. Usually I think the problem was that one of my devices wasn't around to receive the original version of some key. And for whatever reason, even with cross-signing, it wasn't getting the keys from my other devices. For example, maybe my other devices were offline at the time.

The fix for me was to go the passphrase route. Now, regardless of what device I'm on, the passphrase gets me access to all of my secrets via the encrypted blob on the server.




Interactive verification gets you access to all secrets too. It's a question of having enabled key backup without which you cloud loose keys




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: