A Secure Chat App’s Encryption Is So Bad It Is ‘Meaningless’

TeleGuard is an app downloaded more than a million times that markets itself as a secure way to chat. The app uploads users’ private keys to the company’s server, and makes decryption of messages trivial.

404 Media
@soatok _uploadRSAPrivateKey(), woooooooo
@ariadne @soatok Also, still using RSA in 2021 and onwards is a bad smell in and of itself, given how easy it is to use it in a vulnerable way.

@soatok @stiiin no. RSA is fine as long as the modulus is sufficient.

the QC advances are overstated: if you read the paper, they chose intentionally weak key parameters to factor, and in any case the modulus was only 22 bits.

this isn't to say that tasteful elliptic curve cryptography (like curve25519) is bad, just that there really isn't any urgency to move away from RSA in systems which use it.

it's still a valid choice, as long as there is a sufficiently large modulus. keys with 4096 or 8192 bit modulus are totally fine for the foreseeable future for example, bar some major advancement in quantum computing.

but I don't see it happening this decade.

@ariadne @soatok I don't even care all that much about the PQC angle. I'm referring to the padding oracle attacks that keep popping up in implementations, among other side-channel vulns.
@ariadne @soatok @stiiin yeah but this isn’t a legacy protocol and a CRQC will break ecc all the same
@soatok @stiiin @charlotte sure, they made mistakes. lots of them in fact. I just don't consider using RSA to be a concern here.