[messaging] Yet another secure messaging app
bascule at gmail.com
Wed Mar 25 01:27:28 PDT 2015
I'm basically of the opinion that "one time pad" == "snake oil" and there's
not a whole lot left to be discussed from there until we have SAT-solving
On Tue, Mar 24, 2015 at 9:25 PM, Joseph Bonneau <jbonneau at cs.stanford.edu> wrote:
> Beyond the fact that switching to one-time pad addresses such a tiny risk
> compared to other risks to users that this is inherently dumb and the app
> is almost certainly broken in many other ways, I might assign the following
> question to a Crypto 101 undergraduate course:
> "Zendo is using one-time pads, which can remove vulnerability to a
> symmetric cipher being cryptanalyzed successfully. However, what are three
> ways that Zendo still relies on symmetric crypto primitives for its
> 1) Most mobile devices can't generate 500k of true randomness in a short
> period of time, so they're using a PRNG to generate it.
> 2) They can't transfer 500k of one-time pad over the visual channel (which
> they assume is secure) so they transmit an AES-256 key over that channel,
> then encrypt the one-time pad and send it over a data channel.
> 3) They are using HMAC, instead of a one-time MAC based on universal
> The third one is actually an easy fix, they probably just didn't know
> about this and there isn't really library support sitting around. The first
> two they can't very easily fix.
> On Mar 24, 2015 5:14 PM, "Tony Arcieri" <bascule at gmail.com> wrote:
>> Some delicious http://snakeoil.cr.yp.to/
>> On Tue, Mar 24, 2015 at 3:01 PM, Tim Bray <tbray at textuality.com> wrote:
>>> http://techcrunch.com/2015/03/24/one-time-pads-ride-again/ Typically
>>> semiliterate write-up.
>>> - Tim Bray (If you’d like to send me a private message, see
>>> Messaging mailing list
>>> Messaging at moderncrypto.org
>> Tony Arcieri
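A worked illustration of the third point in the quoted message (a one-time MAC built from a universal hash, and why its key really is one-time). This is an added example written for this archive page, not code from Zendo or from anyone in the thread; the function names, the Poly1305-style prime and block padding, and the sample messages are my own choices.

```python
import hmac
import secrets

# Added example (not Zendo's code, not code from the thread): a Carter-Wegman
# one-time MAC.  A universal hash (polynomial evaluation over GF(P)) is masked
# with a fresh uniform value s, so the tag is information-theoretically secure
# for ONE message under a given (r, s).  P and the block padding follow Poly1305;
# the tag reduction does not, so this is a teaching construction, not Poly1305.
P = 2**130 - 5          # prime; every padded block below is < 2**129 < P
TAG_LEN = 17            # bytes needed to carry a value < 2**130


def blocks(msg: bytes):
    """Yield the message as field elements: 16-byte chunks, each followed by a
    0x01 byte so a shorter message never collides with a longer one that merely
    has trailing zero bytes (the Poly1305 padding trick)."""
    for i in range(0, len(msg), 16):
        yield int.from_bytes(msg[i:i + 16] + b"\x01", "little")


def poly_hash(r: int, msg: bytes) -> int:
    """Universal hash H_r(msg): evaluate the message polynomial at r.
    For two distinct messages of at most L blocks, Pr over r of a collision
    is at most L / P, independent of any cipher being unbroken."""
    h = 0
    for m in blocks(msg):
        h = (h + m) * r % P   # Horner's rule
    return h


def keygen() -> tuple[int, int]:
    """One-time key (r, s): both uniform in GF(P); a fresh pair per message."""
    return secrets.randbelow(P), secrets.randbelow(P)


def mac(key: tuple[int, int], msg: bytes) -> bytes:
    r, s = key
    return ((poly_hash(r, msg) + s) % P).to_bytes(TAG_LEN, "little")


def verify(key: tuple[int, int], msg: bytes, tag: bytes) -> bool:
    # constant-time comparison so a verifier does not leak the tag byte by byte
    return hmac.compare_digest(mac(key, msg), tag)


def recover_key_from_reuse(m1: bytes, t1: bytes, m2: bytes, t2: bytes) -> tuple[int, int]:
    """Why the key is one-time: two single-block messages (<= 16 bytes each,
    b1 != b2) tagged under the same (r, s) give t1 = b1*r + s and
    t2 = b2*r + s (mod P), two linear equations in two unknowns.
    Solving them hands the attacker the key."""
    b1, b2 = next(blocks(m1)), next(blocks(m2))
    t1i, t2i = int.from_bytes(t1, "little"), int.from_bytes(t2, "little")
    r = (t1i - t2i) * pow((b1 - b2) % P, -1, P) % P
    s = (t1i - b1 * r) % P
    return r, s


def forge(m1: bytes, t1: bytes, m2: bytes, t2: bytes, target: bytes) -> bytes:
    """Forge a valid tag for an arbitrary message after a single key reuse."""
    return mac(recover_key_from_reuse(m1, t1, m2, t2), target)


if __name__ == "__main__":
    key = keygen()
    t = mac(key, b"hello")
    print("genuine tag verifies:", verify(key, b"hello", t))
    # constructed sample messages; the mistake is tagging both under one key
    m1, m2 = b"pay alice 10", b"pay bob 20"
    t1, t2 = mac(key, m1), mac(key, m2)
    forged = forge(m1, t1, m2, t2, b"pay eve 9999")
    print("forged tag verifies:", verify(key, b"pay eve 9999", forged))
```

The point the quoted message makes is that, unlike HMAC, this construction's security argument needs no unbroken hash function, only that r and s be uniform and used once; the `recover_key_from_reuse` function shows what the "once" buys, since a single reuse collapses the whole scheme to two linear equations.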