Ancestors

Written by Dan Goodin on 2025-01-15 at 17:31

A fork of the Signal Messenger known as Sessions has omitted several important security properties found in the original source code, making it a less secure alternative, a researcher says. The deficiencies include:

-- no forward secrecy

https://soatok.blog/2025/01/14/dont-use-session-signal-fork/


Written by scriptjunkie on 2025-01-15 at 19:28

@dangoodin That post totally misunderstands signature schemes and how they are used.

https://social.scriptjunkie.us/@sj/113834017119054709


Written by Robert Gützkow on 2025-01-15 at 21:18

@sj @dangoodin the signature should be validated with a key that you know belongs to the legitimate sender. If you just use the public key that is contained within the very same message you are trying to validate then what is stopping an attacker from supplying a key of their choice?


Written by scriptjunkie on 2025-01-16 at 02:33

@robertguetzkow @dangoodin I think you're assuming there's another "from" address in the message or connection context or something. There isn't. The public key is the identifier of the sender. There's no separate "from" address. The attacker can't put a different key into a message "from" Alice. It would no longer be a message from Alice. It would (accurately) be a message from the attacker.


Toot

Written by Robert Gützkow on 2025-01-16 at 06:19

@sj @dangoodin how would you know whether or not the public key belongs to Alice? Usually in protocols you would have a handshake at the beginning where you'd verify that the sender can sign a message properly. The public key of the sender would have to be known prior and out of band (think certificates like in TLS). Here they just place the public key in the message and use it for the signature verification. As far as I can see, there is nothing in the snippet ensuring that the public key belongs to the sender we are expecting to communicate with.


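The check the two posts above disagree about, as an added example that is not part of the thread and not Session's or Signal's own code. It assumes a made-up message layout (sender public key, payload, signature, no separate "from" field) and generates throwaway keys at run time; only Go's standard crypto/ed25519 is used. VerifyEmbedded is the "validate with the key in the message" check; VerifyFromKnown is the same check with the embedded key compared against a key learned out of band.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Message is a constructed example of the wire format under discussion:
// the sender's public key travels inside the message next to the payload
// and the signature. There is no separate "from" field; the key is the
// only sender identifier.
type Message struct {
	SenderPub ed25519.PublicKey
	Payload   []byte
	Sig       []byte
}

// Sign builds a message from priv; the embedded key is priv's public half.
func Sign(priv ed25519.PrivateKey, payload []byte) Message {
	return Message{
		SenderPub: priv.Public().(ed25519.PublicKey),
		Payload:   payload,
		Sig:       ed25519.Sign(priv, payload),
	}
}

// VerifyEmbedded verifies the signature with the key carried in the
// message itself. A pass proves only that the holder of the private half
// of SenderPub signed Payload; it says nothing about who SenderPub is.
func VerifyEmbedded(m Message) bool {
	if len(m.SenderPub) != ed25519.PublicKeySize {
		return false // ed25519.Verify panics on malformed keys, so check first
	}
	return ed25519.Verify(m.SenderPub, m.Payload, m.Sig)
}

// VerifyFromKnown answers "is this from the contact I know as Alice?":
// the embedded key must equal the key learned out of band (QR code,
// in-person exchange, etc.), and the signature must verify under it.
func VerifyFromKnown(m Message, known ed25519.PublicKey) error {
	if !bytes.Equal(m.SenderPub, known) {
		return errors.New("sender key is not the key known for this contact")
	}
	if !VerifyEmbedded(m) {
		return errors.New("signature does not verify under the sender key")
	}
	return nil
}

func main() {
	// Constructed keys: Alice is the expected contact, Mallory the attacker.
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	_, malloryPriv, _ := ed25519.GenerateKey(rand.Reader)

	genuine := Sign(alicePriv, []byte("meet at 9"))
	// Mallory cannot forge Alice's signature, but can send the same payload
	// under her own key. Embedded-key verification accepts it: it is a
	// valid message, just not from Alice.
	resigned := Sign(malloryPriv, []byte("meet at 9"))

	fmt.Println("genuine, embedded key:", VerifyEmbedded(genuine))
	fmt.Println("re-signed, embedded key:", VerifyEmbedded(resigned))
	fmt.Println("genuine vs known key:", VerifyFromKnown(genuine, alicePub))
	fmt.Println("re-signed vs known key:", VerifyFromKnown(resigned, alicePub))
}
```

Run it with `go run .`: both messages pass VerifyEmbedded, and only the comparison against the out-of-band key separates the one from Alice from the one that merely claims her payload. Which of those two checks an application actually performs, and where the known key comes from, is exactly what the thread is arguing about.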
Descendants

Written by scriptjunkie on 2025-01-16 at 13:17

@robertguetzkow @dangoodin sharing a public key out of band is literally how you start chatting with someone

