Are Twitter’s new encrypted DMs unreadable even if you put a gun to Elon’s head? We invited Matthew Garrett on to do a deep decompiled dive into what kind of cryptography actually shipped.
Transcript: https://securitycryptographywhatever.com/2023/05/29/elons-encrypted-dms-with-matthew-garrett/
Links: https://mjg59.dreamwidth.org/66791.html https://help.twitter.com/en/using-twitter/encrypted-direct-messages https://www.techdirt.com/2023/05/11/twitter-launches-not-actually-encrypted-encrypted-dms/ BrokenKDF2BytesGenerator: https://github.com/bcgit/bc-java/blob/master/prov/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java#L70 Analysis from sweis: https://twitter.com/sweis/status/1657082478727933954?s=20 https://signal.org/docs/specifications/x3dh/ https://signal.org/docs/specifications/doubleratchet/ https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages Trail of Bits has not audited nor signed a contract yet, per Platformer: https://www.platformer.news/p/why-you-cant-trust-twitters-encrypted
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
Are Twitter’s new encrypted DMs unreadable even if you put a gun to Elon’s head? We invited Matthew Garrett on to do a deep decompiled dive into what kind of cryptography actually shipped.
Transcript: https://securitycryptographywhatever.com/2023/05/29/elons-encrypted-dms-with-matthew-garrett/
Links: https://mjg59.dreamwidth.org/66791.html https://help.twitter.com/en/using-twitter/encrypted-direct-messages https://www.techdirt.com/2023/05/11/twitter-launches-not-actually-encrypted-encrypted-dms/ BrokenKDF2BytesGenerator: https://github.com/bcgit/bc-java/blob/master/prov/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java#L70 Analysis from sweis: https://twitter.com/sweis/status/1657082478727933954?s=20 https://signal.org/docs/specifications/x3dh/ https://signal.org/docs/specifications/doubleratchet/ https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages Trail of Bits has not audited nor signed a contract yet, per Platformer: https://www.platformer.news/p/why-you-cant-trust-twitters-encrypted
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
Nyd den ubegrænsede adgang til tusindvis af spændende e- og lydbøger - helt gratis
Dansk
Danmark