[messaging] How secure is TextSecure?

Joseph Bonneau jbonneau at gmail.com
Fri Dec 19 13:28:14 PST 2014

(reviving dead thread)

I had a simple thought reading this paper: why not have the server simply
reject a user from ever attempting to register a key with the same
fingerprint as a key anybody else has already registered? That would block
UKS attacks (modulo server collaboration) and it seems like it would be
good security practice as well, if two users choose the same key
accidentally something has probably gone horribly wrong entropy-wise and it
would be worthwhile to detect that.

Cost should not be prohibitive, it's just a big hash map (or bloom filter)
that the server only hits when users register new key fingerprints.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141219/eb7dab8b/attachment.html>

More information about the Messaging mailing list