[messaging] How secure is TextSecure?
Taylor R Campbell
campbell+moderncrypto at mumble.net
Thu Nov 6 07:39:02 PST 2014
> Date: Thu, 6 Nov 2014 07:02:37 -0800
> From: Trevor Perrin <trevp at trevp.net>
>
> We can add crypto, but in any system where Bob presents his contact
> and authentication info to Alice there's going to be this risk. This
> isn't just TextSecure, it's almost everything:
>
> * In PGP Bob could present Charlie's encryption key to Alice
> * In OTR, SSH, or TextSecure Bob could present Charlie's fingerprint
> * In NameCoin, PKI, or any centralized service Bob could present
>   Charlie's username

No need for crypto -- there's an easy way to defend against more or
less all of these:

Before Alice texts `I love you!' to the number/key she just received,
she texts `Is this Bob?'.

This is pretty common practice with PGP already (e.g.,
<https://www.NetBSD.org/developers/pgp.html>), and just plain common
sense when you receive a telephone number to make sure you haven't
fat-fingered it.