[messaging] How secure is TextSecure?

David Leon Gil coruus at gmail.com
Wed Nov 5 22:46:46 PST 2014


On Sat, Nov 1, 2014 at 3:02 PM, Nadim Kobeissi <nadim at nadim.computer> wrote:
> ------ Original Message ------
> From: "David Leon Gil" <coruus at gmail.com>
> To: "messaging at moderncrypto.org" <messaging at moderncrypto.org>
> Sent: 2014-11-01 12:56:42 AM
> Subject: [messaging] How secure is TextSecure?
>
>> A new paper by Frosch et al. here: http://eprint.iacr.org/2014/904
>>
>> --
>>
>> They present an unknown key-share attack on TextSecure; this is rather
>> serious, to say the least.
>
> I disagree that this is a serious attack.

I agree, mostly: it's a serious protocol design mistake. But it is not
usefully exploitable, AFAIK.

(For crypto protocols, I make this distinction: sometimes, by
happenstance, a serious mistake is not exploitable -- most of TLS, for
example; other times it is.)


More information about the Messaging mailing list