[guardian-dev] ALERT: matrix.org compromised, change your IRC passwords

Kevin Steen mayfirstorg at kevinsteen.net
Sat Apr 13 17:47:36 EDT 2019


On 13/04/2019 08:58, Abel Luck wrote:
> Marcus Hoffmann via guardian-dev:
>>
>> On 13.04.19 00:17, Kevin Steen wrote:
>>> There's something I don't understand with these E2E keys - are they not
>>> actually stored in the end devices?
>>>
>>> How come, now that we've all been logged out, we can't access those
>>> keys? Are they actually stored on the server?
>>
>> The riot clients, for better or worse, are set up to delete the local
>> decryption keys when their login token is no longer valid.
>
[...]
>
> The fact that the local clients delete the keystore on a logout event is
> perhaps unfortunate in this case of involuntary logout, however it makes
> sense. When I logout I don't expect my data to hang around for use
> later. Put another way, if the keystore was not cleared on logout, then
> when would the keystore be cleared?

Ah, ok. I didn't realise they explicitly deleted keys when you logout.
Thank you both.

-Kevin


More information about the guardian-dev mailing list