[messaging] How secure is TextSecure?

Taylor R Campbell campbell+moderncrypto at mumble.net
Thu Nov 6 07:39:02 PST 2014

   Date: Thu, 6 Nov 2014 07:02:37 -0800
   From: Trevor Perrin <trevp at trevp.net>

   We can add crypto, but in any system where Bob presents his contact
   and authentication info to Alice there's going to be this risk.  This
   isn't just TextSecure, it's almost everything:
    * In PGP Bob could present Charlie's encryption key to Alice
    * In OTR, SSH, or TextSecure Bob could present Charlie's fingerprint
    * In NameCoin, PKI, or any centralized service Bob could present
   Charlie's username

No need for crypto -- there's an easy way to defend against more or
less all of these:

Before Alice texts `I love you!' to the number/key she just received,
she texts `Is this Bob?'.

This is pretty common practice with PGP already (e.g.,
<https://www.NetBSD.org/developers/pgp.html>), and just plain common
sense when you receive a telephone number to make sure you haven't
fat-fingered it.

More information about the Messaging mailing list