Ancestors

Toot

Written by Dan Goodin on 2025-01-15 at 17:31

A fork of the Signal Messenger known as Sessions has omitted several important security properties found in the original source code, making it a less secure alternative, a researcher says. The deficiencies include:

-- no forward secrecy

https://soatok.blog/2025/01/14/dont-use-session-signal-fork/


Descendants

Written by rugk on 2025-01-15 at 19:03

@dangoodin

Thanks @soatok


Written by scriptjunkie on 2025-01-15 at 19:28

@dangoodin That post totally misunderstands signature schemes and how they are used.

https://social.scriptjunkie.us/@sj/113834017119054709


Written by Robert Gützkow on 2025-01-15 at 21:18

@sj @dangoodin the signature should be validated with a key that you know belongs to the legitimate sender. If you just use the public key that is contained within the very same message you are trying to validate then what is stopping an attacker from supplying a key of their choice?


Written by scriptjunkie on 2025-01-16 at 02:33

@robertguetzkow @dangoodin I think you're assuming there's another "from" address in the message or connection context or something. There isn't. The public key is the identifier of the sender. There's no separate "from" address. The attacker can't put a different key into a message "from" Alice. It would no longer be a message from Alice. It would (accurately) be a message from the attacker.


Written by Robert Gützkow on 2025-01-16 at 06:19

@sj @dangoodin how would you know whether or not the public key belongs to Alice? Usually in protocols you would have a handshake at the beginning where you'd verify that the sender can sign a message properly. The public key of the sender would have to be known prior and out of band (think certificates like in TLS). Here they just place the public key in the message and use it for the signature verification. As far as I can see, there is nothing in the snippet ensuring that the public key belongs to the sender we are expecting to communicate with.

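The disagreement in the two posts above is about what a signature check actually establishes when the verifying key rides inside the message. The following Go program is an added example, not code from the thread or from Session; it uses a constructed, hypothetical `Envelope` format and Go's standard `crypto/ed25519`. It implements both checks side by side: `VerifyEmbedded` proves only that the payload was signed by whoever holds the embedded key, while `VerifyFromContact` first binds the envelope to a key learned out of band (the pinned key for the contact you expect) and only then verifies. A message sealed with an unrelated key passes the first check and fails the second.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Envelope is a constructed, hypothetical message format: the sender's public
// key travels alongside the payload and the signature over that payload.
type Envelope struct {
	SenderPub ed25519.PublicKey
	Payload   []byte
	Sig       []byte
}

// Seal signs payload with priv and embeds the matching public key.
func Seal(priv ed25519.PrivateKey, payload []byte) Envelope {
	return Envelope{
		SenderPub: priv.Public().(ed25519.PublicKey),
		Payload:   payload,
		Sig:       ed25519.Sign(priv, payload),
	}
}

// VerifyEmbedded checks the signature against whatever key the envelope
// carries. It proves only that the payload was signed by the holder of that
// key; it does not tell you who that holder is.
func VerifyEmbedded(env Envelope) bool {
	if len(env.SenderPub) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(env.SenderPub, env.Payload, env.Sig)
}

// VerifyFromContact binds the envelope to a key learned out of band (the
// pinned key for the contact you expect) before checking the signature.
func VerifyFromContact(env Envelope, pinned ed25519.PublicKey) error {
	if !bytes.Equal(env.SenderPub, pinned) {
		return errors.New("embedded key is not the pinned key for this contact")
	}
	if !ed25519.Verify(pinned, env.Payload, env.Sig) {
		return errors.New("signature does not verify under the pinned key")
	}
	return nil
}

// DemoResult records which check accepted which message.
type DemoResult struct {
	AliceEmbedded, AlicePinned bool // Alice's genuine message
	OtherEmbedded, OtherPinned bool // message sealed with an unrelated key
}

// Demo plays out the exchange from the thread: Alice's key is pinned out of
// band; a second message is sealed with a different, constructed key.
func Demo() (DemoResult, error) {
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return DemoResult{}, err
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return DemoResult{}, err
	}
	fromAlice := Seal(alicePriv, []byte("hi from alice"))
	fromOther := Seal(otherPriv, []byte("also signed, but not by alice"))

	return DemoResult{
		AliceEmbedded: VerifyEmbedded(fromAlice),
		AlicePinned:   VerifyFromContact(fromAlice, alicePub) == nil,
		OtherEmbedded: VerifyEmbedded(fromOther),
		OtherPinned:   VerifyFromContact(fromOther, alicePub) == nil,
	}, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("Alice's message: embedded-key check=%v pinned-key check=%v\n", r.AliceEmbedded, r.AlicePinned)
	fmt.Printf("Other message:   embedded-key check=%v pinned-key check=%v\n", r.OtherEmbedded, r.OtherPinned)
}
```

The embedded-key check is self-consistent for every well-formed envelope, so on its own it cannot distinguish "from Alice" from "from whoever holds this key"; that distinction comes entirely from the pinned-key comparison, i.e. from the key exchange that happened out of band.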

Written by scriptjunkie on 2025-01-16 at 13:17

@robertguetzkow @dangoodin sharing a public key out of band is literally how you start chatting with someone


Written by scriptjunkie on 2025-01-16 at 03:04

@dangoodin Oh and if the hop crypto is really broken the worst case thing that happens is that the network could see IPs of who sent and received messages through their nodes if they had entry/exit nodes. Quick! Everybody rush back to Signal... where the network sees the IP of who sent and received all messages and the phone numbers of who sent and received messages, which is far more sensitive, personal, and identifying.

Just once what I would give for people to understand the log/speck principle.


Written by Eloy on 2025-01-15 at 20:17

@dangoodin "Stay away from this offering unless you really, really, really know what you're doing"

well, @soatok really knows what he's doing and is staying away from it, I would advise anyone to stay away from it


Written by Wednesday on 2025-01-15 at 20:25

@dangoodin I don't understand but this is disappointing to hear. I use Session to send files across devices because Signal doesn't let you install it across more than two phones. And that is a feature I find really useful for the "note to self" feature.


Written by John-Mark Gurney on 2025-01-16 at 03:04

@DreadfulUtopia

For sending between devices, I'd use magic wormhole. The protocol was designed by someone I know (not current maintainer) and I would trust to get it correct.

There's an Android app, don't know if there's an iOS app or not.

https://github.com/magic-wormhole/magic-wormhole

@dangoodin


Written by Wednesday on 2025-01-16 at 16:46

@encthenet @dangoodin I will take a look, thanks.


Written by Robert Gützkow on 2025-01-15 at 21:08

@dangoodin "less secure" is a very cautious description of utterly broken by design.


Written by :anarchy: Boo$h33 :RiotsNotDiets: on 2025-01-15 at 21:35

@dangoodin In fairness, the only acceptable alternative to signal is wire. Period.


Original URL: gemini://mastogem.picasoft.net/thread/113833559664867366