recentpopularlog in

e2e

« earlier   
Attack of the Week: Group Messaging in WhatsApp and Signal - @matthew_d_green
New research released at the Real World Crypto security conference shows some theoretical flaws affecting the security of group messaging apps. However, the attacks would be exceedingly difficult to actually carry out, so there is no real risk here. Executing the attack would require knowing a a group chat's "group ID," which is a random 128-bit number, which would be extremely difficult to attain (let alone guess). As crypto expert (and OTF AC member) Matthew Green writes, the research "takes a close look at the problem of group messaging, and finds that while messengers may be doing fine with normal (pairwise) messaging, group messaging is still kind of a hack.

If all you want is the TL;DR, here’s the headline finding: due to flaws in both Signal and WhatsApp (which I single out because I use them), it’s theoretically possible for strangers to add themselves to an encrypted group chat. However, the caveat is that these attacks are extremely difficult to pull off in practice, so nobody needs to panic."

There are some differences between how this issues affects Signal vs. WhatsApp, as laid out by Green in fuller detail in the full blog post linked to above. The full research (here https://eprint.iacr.org/2017/713.pdf) also looks at messaging app Threema.
otf  messaging  security  e2e  encryption  privacy  whatsapp  signal 
12 days ago by dmcdev
Attack of the Week: Group Messaging in WhatsApp and Signal – A Few Thoughts on Cryptographic Engineering
If all you want is the TL;DR, here’s the headline finding: due to flaws in both Signal and WhatsApp (which I single out because I use them), it’s theoretically possible for strangers to add themselves to an encrypted group chat. However, the caveat is that these attacks are extremely difficult to pull off in practice, so nobody needs to panic. But both issues are very avoidable, and tend to undermine the logic of having an end-to-end encryption protocol in the first place. (Wired also has a good article.)
crypto  e2e 
12 days ago by dadrian
E2E Testing React applications with TestCafe – Hacker Noon
Born deep inside Facebook labs, React gained a huge popularity among the developers who make web applications with complex user interfaces. Being widely used in single-page application projects that…
testing  e2e  integration  react.js 
16 days ago by trodrigues
NeoPG: a multiversal crypto engine
NeoPG is written in C++11. It starts out as an opinionated fork of the GnuPG code base, and hopefully will evolve to something entirely different.
userland  service  security  ciphering  e2e 
21 days ago by sprgchma
So You Want to Build a P2P Twitter with E2E Encryption?
Interesting demo of end to end encryption on a peer to peer twitter clone
e2e  P2P  gun.js  encryption  chat  IM  client  demo  proof-of-concept 
4 weeks ago by asteroza

Copy this bookmark:





to read