[messaging] Yet another secure messaging app

Tony Arcieri bascule at gmail.com
Wed Mar 25 01:27:28 PDT 2015


I'm basically of the opinion that "one time pad" == "snake oil" and there's
not a whole lot left to be discussed from there until we have SAT-solving
quantum computers.

On Tue, Mar 24, 2015 at 9:25 PM, Joseph Bonneau <jbonneau at cs.stanford.edu>
wrote:

> Beyond the fact that switching to one-time pad addresses such a tiny risk
> compared to other risks to users that this is inherently dumb and the app
> is almost certainly broken in many other ways, I might assign the following
> question to a Crypto 101 undergraduate course:
>
> "Zendo is using one-time pads, which can remove vulnerability to a
> symmetric cipher being cryptanalyzed successfully. However, what are three
> ways that Zendo still relies on symmetric crypto primitives for its
> security?"
>
> Answer:
>
> 1) Most mobile devices can't generate 500k of true randomness in a short
> period of time, so they're using a PRNG to generate it.
>
> 2) They can't transfer 500k of one-time pad over the visual channel (which
> they assume is secure) so they transmit an AES-256 key over that channel,
> then encrypt the one-time pad and send it over a data channel.
>
> 3) They are using HMAC, instead of a one-time MAC based on universal
> hashing.
>
> The third one is actually an easy fix, they probably just didn't know
> about this and there isn't really library support sitting around. The first
> two they can't very easily fix.
>
> On Mar 24, 2015 5:14 PM, "Tony Arcieri" <bascule at gmail.com> wrote:
>
>> Some delicious http://snakeoil.cr.yp.to/
>>
>> On Tue, Mar 24, 2015 at 3:01 PM, Tim Bray <tbray at textuality.com> wrote:
>>
>>> http://techcrunch.com/2015/03/24/one-time-pads-ride-again/  Typically
>>> semiliterate write-up.
>>>
>>> --
>>> - Tim Bray (If you’d like to send me a private message, see
>>> https://keybase.io/timbray)
>>>
>>> _______________________________________________
>>> Messaging mailing list
>>> Messaging at moderncrypto.org
>>> https://moderncrypto.org/mailman/listinfo/messaging
>>>
>>>
>>
>>
>> --
>> Tony Arcieri
>>
>>
>>


-- 
Tony Arcieri
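An added example, not code from this thread and not Zendo's code: a one-time pad paired with the kind of MAC Bonneau's point 3 asks for, a Carter-Wegman one-time MAC built from a polynomial universal hash over GF(2^127 - 1) in the Poly1305 style, with the hash key r and the mask s drawn from 32 fresh pad bytes per message. Every name here (seal, unseal, poly_hash, forgery_bound, the field P, the 15-byte chunking, the pad layout) is this example's own choice. The pad is a caller-supplied byte string assumed to be true, never-reused randomness; that is exactly the assumption Bonneau's points 1 and 2 say a phone can't meet, and pad_reuse_leak shows what breaking it costs.

```python
# Added example, not code from this thread or from Zendo: a one-time pad paired
# with a Carter-Wegman one-time MAC built from a polynomial universal hash over
# GF(2^127 - 1), Poly1305-style. Function names, the field, and the pad layout
# are this example's own choices (assumptions), not the app's.
import secrets

P = (1 << 127) - 1   # Mersenne prime; field for the polynomial hash
BLOCK = 15           # message bytes per coefficient: 15 bytes + 0x01 marker < 2^121 < P
TAG_LEN = 16         # any field element fits in 16 bytes
MAC_KEY_LEN = 32     # fresh pad bytes per message: 16 for r, 16 for s


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, msg: bytes) -> bytes:
    """Vernam cipher c = m XOR pad. Perfect secrecy needs pad bytes that are
    uniformly random, as long as msg, and never used again."""
    if len(pad) < len(msg):
        raise ValueError("pad exhausted: one fresh pad byte per message byte")
    return xor_bytes(pad[:len(msg)], msg)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def poly_hash(r: int, msg: bytes) -> int:
    """Universal hash keyed by r: append a 0x01 marker to each <=15-byte chunk
    (so distinct messages give distinct coefficient sequences), then Horner
    evaluation. Two distinct messages of at most n chunks collide for at most
    n values of r, i.e. with probability <= n/P over a uniform r."""
    acc = 0
    for i in range(0, len(msg), BLOCK):
        coeff = int.from_bytes(msg[i:i + BLOCK] + b"\x01", "little")
        acc = (acc + coeff) * r % P
    return acc


def mac_keys_from_pad(segment: bytes):
    """r keys the hash, s masks its output; both are burned after one use.
    Reducing a 128-bit value mod P biases r and s by about 2^-127, negligible."""
    if len(segment) != MAC_KEY_LEN:
        raise ValueError("MAC needs exactly 32 fresh pad bytes")
    r = int.from_bytes(segment[:16], "little") % P
    s = int.from_bytes(segment[16:], "little") % P
    return r, s


def one_time_tag(segment: bytes, data: bytes) -> bytes:
    r, s = mac_keys_from_pad(segment)
    return ((poly_hash(r, data) + s) % P).to_bytes(TAG_LEN, "little")


def verify_tag(segment: bytes, data: bytes, tag: bytes) -> bool:
    return secrets.compare_digest(one_time_tag(segment, data), tag)


def seal(pad: bytes, msg: bytes) -> bytes:
    """Encrypt-then-MAC. Consumes len(msg) + MAC_KEY_LEN pad bytes; returns ct || tag."""
    need = len(msg) + MAC_KEY_LEN
    if len(pad) < need:
        raise ValueError("pad exhausted")
    ct = otp_encrypt(pad[:len(msg)], msg)
    return ct + one_time_tag(pad[len(msg):need], ct)


def unseal(pad: bytes, sealed: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; raise on any mismatch."""
    if len(sealed) < TAG_LEN:
        raise ValueError("too short")
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    need = len(ct) + MAC_KEY_LEN
    if len(pad) < need or not verify_tag(pad[len(ct):need], ct, tag):
        raise ValueError("authentication failed")
    return otp_decrypt(pad[:len(ct)], ct)


def forgery_bound(msg_len: int) -> float:
    """Best single-attempt forgery probability against the one-time MAC,
    ceil(msg_len / BLOCK) / P, independent of the attacker's computing power.
    HMAC has no such bound; its security rests on a computational assumption."""
    return -(-msg_len // BLOCK) / P


def pad_reuse_leak(pad: bytes, m1: bytes, m2: bytes) -> bytes:
    """Failure mode: two messages under the same pad bytes hand an eavesdropper
    c1 XOR c2 == m1 XOR m2 with no key material at all."""
    return xor_bytes(otp_encrypt(pad, m1), otp_encrypt(pad, m2))


if __name__ == "__main__":
    # Pad generated here for the demo only; in a real deployment it is the
    # scarce resource, and the caller must track which bytes are already spent.
    demo_pad = secrets.token_bytes(64)
    boxed = seal(demo_pad, b"attack at dawn")
    print(unseal(demo_pad, boxed))
```

The point the example makes concrete: the MAC's forgery probability is a counting argument over the field, not a conjecture about a hash function, so it is the one component of a pad-based design that genuinely lives in the information-theoretic setting. Everything else in the block inherits the quality of the pad bytes it is handed, which is why a pad produced by a PRNG or shipped under AES-256 brings the symmetric primitives right back.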

