[Cryptography] Wire.com: private communications, always encrypted
Perry E. Metzger
perry at piermont.com
Mon Mar 14 21:08:10 EDT 2016
> On Sat, Mar 12, 2016 at 2:32 PM, Henry Baker <hbaker1 at pipeline.com>
> wrote:
> > Details of wire.com security:
> >
> >
> > https://assets.documentcloud.org/documents/2756350/Wire-Security-Whitepaper.pdf
On Sat, 12 Mar 2016 15:42:55 -0800 Tony Arcieri <bascule at gmail.com>
wrote:
> The actual crypto employed looks fine (Axolotl), but they support
> SMS login which has many vulnerabilities (forced number porting,
> IMSI catchers, telco MitMs, telco coercion, shoulder surfing just
> to name a few). Telegram offers the same feature, and it's
> routinely been exploited, especially by state-level attackers. See:
>
> https://www.fredericjacobs.com/blog/2016/01/14/sms-login/
Having started to read through their security whitepaper, they're
being exceptionally open about how everything works, which is nice,
but there's no apparent external code audit (anyone know)?
There's also a lot of weird little details -- they use ChaCha20 with
Axolotl, for example, but they encrypt large binary assets using AES
and send the keys via Axolotl. Stacking things this way means you're
not more secure than the least secure of the two crypto algorithms,
which seems unnecessary even if AES is highly unlikely to be
compromised.
I haven't given the thing a lot of examination yet but I'd be
interested in getting the opinions of more people on the list.
Perry
--
Perry E. Metzger perry at piermont.com
More information about the cryptography
mailing list