Signal allows optional mitigation of MITM attack via security code verification.
SimpleX and some p2p networks non-optionally prevent this attack by passing keys or their hashes as part of the connection link / address.
The table here has this comparison under "2-factor key exchange": https://simplex.chat/blog/20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.html#end-to-end-encryption-security-attacks-and-defense
For example, Session, Cwtch and SimpleX have it. Signal and Matrix do not have it, but offer mitigation.
SimpleX Chat
npub1gs…zfy6l
2024-09-05 20:43:28 UTC
in reply to nevent1q…44d5
Author Public Key
npub1gsunl7x2y8ka4rn72y9zmzh0j8ntw8ln3956dxe4vg2mldpt4svsuzfy6lSeen on
wss://relay.momostr.pinkPublished at
2024-09-05 20:43:28 UTCEvent JSON
{
"id": "f13248fee8c99538a80743f0b257bb7375e6da6c401d19ffa41d20e2f4975416",
"pubkey": "44393ff8ca21edda8e7e510a2d8aef91e6b71ff38969a69b356215bfb42bac19",
"created_at": 1725569008,
"kind": 1,
"tags": [
[
"p",
"44393ff8ca21edda8e7e510a2d8aef91e6b71ff38969a69b356215bfb42bac19"
],
[
"e",
"8e17bb0129f07b2b63e4eb62eb0997ca06c9476cda25bb64a878954cb0925b40",
"",
"reply",
"44393ff8ca21edda8e7e510a2d8aef91e6b71ff38969a69b356215bfb42bac19"
],
[
"p",
"81f67fa59f30b52b2a0ef6a95056e81e51d0ffac07c5a0e84020ec2b3ba83c70"
],
[
"e",
"da86dd945ecb931809ddb0c46ab5b48e6878d7c03562b1abc002e3c3c442b7ad",
"",
"root",
"44393ff8ca21edda8e7e510a2d8aef91e6b71ff38969a69b356215bfb42bac19"
],
[
"proxy",
"https://mastodon.social/@simplex/113086890554858362",
"web"
],
[
"proxy",
"https://mastodon.social/users/simplex/statuses/113086890554858362",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.social/users/simplex/statuses/113086890554858362",
"pink.momostr"
],
[
"-"
]
],
"content": "Signal allows optional mitigation of MITM attack via security code verification.\n\nSimpleX and some p2p networks non-optionally prevent this attack by passing keys or their hashes as part of the connection link / address.\n\nThe table here has this comparison under \"2-factor key exchange\": https://simplex.chat/blog/20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.html#end-to-end-encryption-security-attacks-and-defense\n\nFor example, Session, Cwtch and SimpleX have it. Signal and Matrix do not have it, but offer mitigation.",
"sig": "d5b7e6244ace0b05ab9a0e59222b91e274e54d1d69e643d1980c4b4c4dea03702f574ca946813ebcc83e95899e0e76743c9a2946b86211edf028aebce9fa8e86"
}