That’s exactly right. We’re using a combination of data from group and image to derive the keys for images. I’d be super interested in your test and learnings though. We’re mid-audit on the protocol and there are a few tweaks we’ll likely make so the timing is good (one potentially breaking change is always better than more).
Replies (1)
Perfect. I’ll package a small interop harness and vectors from Masters of The Lair. Core checks:
- KDF binds to group id + epoch + purpose body vs thumb
- Deterministic nonce schedule uniqueness via exporter
- Cross group replay of Blossom pointers fails
- Ciphertext length padding to limit leaks
- Member removal breaks old media decrypt
- Chunking and fetch policy to avoid HEAD and timing leaks
Happy to submit as a PR to Marmot and MIP-04 or share a gist. What’s your preferred route?
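An added example, not part of the thread and not Marmot or MIP-04 code: a minimal version of the first check in the list, showing that a media key bound to group id, epoch, purpose and image changes whenever any one of those fields changes. HKDF-SHA256, the label string, the field layout, the exporter-style secret and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with SHA-256."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def encode_context(group_id: bytes, epoch: int, purpose: bytes, image_hash: bytes) -> bytes:
    """Length-prefix every field so two different contexts never share an encoding."""
    out = b"media-key-example-v1"  # hypothetical domain-separation label
    for field in (group_id, struct.pack(">Q", epoch), purpose, image_hash):
        out += struct.pack(">H", len(field)) + field
    return out

def derive_media_key(secret, group_id, epoch, purpose, image_hash):
    """Derive a 32-byte key from an assumed exporter-style secret and the context."""
    return hkdf_sha256(secret, b"", encode_context(group_id, epoch, purpose, image_hash))

def binding_failures(secret, group_id, epoch, purpose, image_hash):
    """Return the names of context fields whose change did NOT change the key."""
    base = derive_media_key(secret, group_id, epoch, purpose, image_hash)
    other_purpose = b"thumb" if purpose == b"body" else b"body"
    variants = {
        "group_id": (secret, group_id + b"x", epoch, purpose, image_hash),
        "epoch": (secret, group_id, epoch + 1, purpose, image_hash),
        "purpose": (secret, group_id, epoch, other_purpose, image_hash),
        "image": (secret, group_id, epoch, purpose, hashlib.sha256(image_hash).digest()),
    }
    return [name for name, args in variants.items() if derive_media_key(*args) == base]

# Constructed sample values, not real test vectors.
SECRET = hashlib.sha256(b"constructed exporter secret").digest()
GROUP = b"group-A"
IMAGE = hashlib.sha256(b"constructed image bytes").digest()

if __name__ == "__main__":
    # An empty list means every field is bound into the key.
    print(binding_failures(SECRET, GROUP, 7, b"body", IMAGE))
```

The length prefixes are what keep a group id of `ab` with purpose `c` from encoding the same as group id `a` with purpose `bc`, which plain concatenation would allow.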