[Cryptography] At what point should people not use TLS?
Bill Cox
waywardgeek at gmail.com
Fri Apr 8 08:52:38 EDT 2016
On Thu, Apr 7, 2016 at 9:46 PM, Tony Arcieri <bascule at gmail.com> wrote:
> On Thu, Apr 7, 2016 at 9:16 AM, Bill Cox <waywardgeek at gmail.com> wrote:
>
>> Noise Pipes looks very cool, but I cannot find any source code used by
>> WhatsApp that implements Noise Pipes. Can any of you folks find it? I am
>> interested in trying to understand the security of their implementation,
>> but can't find the source code.
>>
>
> I haven't gotten any information on what implementation they're using. I
> suspect it may be closed source.
>
> That said, I am fairly sure they're *not* using Trevor Perrin's Rust
> implementation "Screech", although that looks quite interesting.
>
I agree it is likely their implementation is closed source, at least for
now. If true, that's a shame, especially since they have made at least one
rookie mistake already, by not using ZRTP-style hash commitments. It makes
me worry their crypto is vulnerable.
Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160408/63d3517e/attachment.html>
More information about the cryptography
mailing list