on top of that, it doesn't make any sense to have a client that has fixed most of those issues make worse versions available to the user. Users will just use the worse versions if they are available.

Replies (3)

i'm not sure you understand the function of encryption nonces: they ensure that for every message the secret is effectively a new one. there is zero chance of a plaintext attack in this, so long as the quality of the entropy of the nonce is adequate.

i agree that there should be padding, but i don't think it should be the stupid "pad out to next power of 2" of nip-44, that is retarded. it should just be a random amount extra, and you just put a zero byte at the end of the actual string and fill the rest with garbage. i've written what i think is an adequate message length obfuscation method on indra.

so, yeah, no, there is zero risk of a plaintext attack even if people keep saying "hi" over and over again in their messages. the nip-44 scheme is seriously wasteful of data size with its power of two scheme, and doesn't really help anything, and it doesn't matter if the padding is noise or spaces because it's already obscured by the combination of the shared secret combined with the nonce.

auth and not letting users see other people's messages solves way more problems than this retarded complicated nip-44 scheme, that is also wasteful of data size.
Feel free to offer better padding. Padding was discussed at length before and after nip44 and directly audited by the firm. No one has proposed anything better yet. I strongly disagree with your "zero risk of plain text attack". There are folks here, with money, whose sole goal is to break our encryption.
the public leak is because relays are not implementing auth, and until recently almost no clients did either. this is a really small change that prevents this leaking, the main threat. users can control their use of relays, and if it is discovered a relay is run by spooks, then people can avoid it. it's not rocket science... don't allow access to DMs without auth. end of.

making complicated obfuscation schemes is not going to help, because "giftwrap" just means the receiver is mentioned, not the sender. how does a client migrate this data across to other clients the user is using if they then have to literally search for other people's DMs that *might* have been sent by them?

you really need to think a lot more about what the actual problems are instead of wrapping it in more and more complicated encryption schemes.