[messaging] Yet another secure messaging app
Joseph Bonneau
jbonneau at cs.stanford.edu
Tue Mar 24 21:25:02 PDT 2015
Beyond the fact that switching to one-time pad addresses such a tiny risk
compared to other risks to users that this is inherently dumb and the app
is almost certainly broken in many other ways, I might assign the following
question to a Crypto 101 undergraduate course:
"Zendo is using one-time pads, which can remove vulnerability to a
symmetric cipher being cryptanalyzed successfully. However, what are three
ways that Zendo still relies on symmetric crypto primitives for its
security?"
Answer:
1) Most mobile devices can't generate 500k of true randomness in a short
period of time, so they're using a PRNG to generate it.
2) They can't transfer 500k of one-time pad over the visual channel (which
they assume is secure) so they transmit an AES-256 key over that channel,
then encrypt the one-time pad and send it over a data channel.
3) They are using HMAC, instead of a one-time MAC based on universal
hashing.
The third one is actually an easy fix, they probably just didn't know about
this and there isn't really library support sitting around. The first two
they can't very easily fix.
On Mar 24, 2015 5:14 PM, "Tony Arcieri" <bascule at gmail.com> wrote:
> Some delicious http://snakeoil.cr.yp.to/
>
> On Tue, Mar 24, 2015 at 3:01 PM, Tim Bray <tbray at textuality.com> wrote:
>
>> http://techcrunch.com/2015/03/24/one-time-pads-ride-again/ Typically
>> semiliterate write-up.
>>
>> --
>> - Tim Bray (If you’d like to send me a private message, see
>> https://keybase.io/timbray)
>>
>> _______________________________________________
>> Messaging mailing list
>> Messaging at moderncrypto.org
>> https://moderncrypto.org/mailman/listinfo/messaging
>>
>>
>
>
> --
> Tony Arcieri
>
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150324/fb1e48bf/attachment.html>
More information about the Messaging
mailing list