[Cryptography] Wire.com: private communications, always encrypted

Tony Arcieri bascule at gmail.com
Sat Mar 12 18:42:55 EST 2016


The actual crypto employed looks fine (Axolotl), but they support SMS login
which has many vulnerabilities (forced number porting, IMSI catchers, telco
MitMs, telco coercion, shoulder surfing just to name a few). Telegram
offers the same feature, and it's routinely been exploited, especially by
state-level attackers. See:

https://www.fredericjacobs.com/blog/2016/01/14/sms-login/

On Sat, Mar 12, 2016 at 2:32 PM, Henry Baker <hbaker1 at pipeline.com> wrote:

> https://wire.com/?hl=en
>
> "Go ahead, make some free, end-to-end encrypted video calls on Wire"
>
> Details of wire.com security:
>
>
> https://assets.documentcloud.org/documents/2756350/Wire-Security-Whitepaper.pdf
>
> ------
> Interesting timing, this wire.com announcement.
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography




-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160312/3ab839cc/attachment.html>


More information about the cryptography mailing list