Skip to content

Commit

Permalink
Update 2024-08-28-libolm-deprecation.md for style
Browse files Browse the repository at this point in the history
  • Loading branch information
neilisfragile authored Aug 28, 2024
1 parent e52e279 commit c121072
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions content/blog/2024/08/2024-08-28-libolm-deprecation.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ author = ["Neil Johnson"]
category = ["Cryptography"]
+++

Folks, it’s been a few weeks since we announced the [deprecation of libolm](https://gitlab.matrix.org/matrix-org/olm/-/blob/master/README.md?ref\_type=heads\#important-libolm-is-now-deprecated). Since then, we’ve fielded some questions on the subject and thought it would be helpful to collect this context in a blog post.
It’s been a few weeks since we announced the [deprecation of libolm](https://gitlab.matrix.org/matrix-org/olm/-/blob/master/README.md?ref\_type=heads\#important-libolm-is-now-deprecated). Since then, we’ve fielded some questions on the subject and thought it would be helpful to collect this context in a blog post.

First up, a recap. We first introduced the idea that [libolm would make way for Vodozemac](https://matrix.org/blog/2022/05/16/independent-public-audit-of-vodozemac-a-native-rust-reference-implementation-of-matrix-end-to-end-encryption/) in 2022 following the [Gematik](https://www.gematik.de/) sponsored audit from [Least Authority](https://leastauthority.com/).

Expand All @@ -23,7 +23,7 @@ Quoting selectively:

> We’re not aware of any way to actually exploit these weaknesses over the network, but we continue to strongly recommend developers to migrate to [vodozemac](https://github.com/matrix-org/vodozemac) (or fork libolm to add better primitives). We should have done a better job of explicitly deprecating libolm sooner (and/or improving its primitives) \- but all of our focus has been on ensuring that vodozemac is excellent, to the detriment of libolm. Apologies to those who are now finding themselves expediting libolm replacement.
So what does this mean if you are building an app that has a dependency on libolm?
**So what does this mean if you are building an app that has a dependency on libolm?**

* We have been public from the outset that that libolm’s primitives are functionally correct, but not resilient to timing attacks
* [Repository issue](https://github.com/matrix-org/olm/issues/3)
Expand Down

0 comments on commit c121072

Please sign in to comment.