[messaging] How secure is TextSecure?

Trevor Perrin
Fri Dec 19 15:09:54 PST 2014

Joseph Bonneau
> On Fri, Dec 19, 2014 at 5:35 PM, Trevor Perrin <trevp at trevp.net> wrote:
>> If Bob lies to his girlfriend Alice and gives her Charlie's fingerprint
>> and phone number, Bob doesn't need to register anything.
> I guess there are two types of attack:
> In the first one Bob and Charlie both have accounts (separate usernames),
> and Bob changes to have Charlie's key fingerprint then tries to redirect
> Alice's message to Charlie. I was arguing you can prevent this version
> fairly cheaply in a centralized service by preventing key fingerprint
> collisions.

A service can prevent this even more cheaply by not allowing Bob to
redirect Alice's messages.

> In the second, Bob has no account. He tells Alice that Charlie's username X
> is really his (and perhaps even has Charlie's QR code on his screen so Alice
> is convinced she's "verified" that Bob really owns X). Fixing that probably
> requires that the verification be a challenge-response proving knowledge of the
> private keys as the authors of the paper suggested and I agree that's
> probably not worth it.

Yeah, it's not worth it (IMO) and isn't a certain fix (Bob can relay
the challenge-response through someone else querying Charlie).


