Soatok Dreamseeker1d ago

Jeez, what a mess.

https://www.404media.co/a-secure-chat-apps-encryption-is-so-bad-it-is-meaningless/

A Secure Chat App’s Encryption Is So Bad It Is ‘Meaningless’

TeleGuard is an app downloaded more a million times that markets itself as a secure way to chat. The app uploads users’ private keys to the company’s server, and makes decryption of messages trivial.

404 Media
Show threadAriadne Conill 🐰1d ago
@soatok _uploadRSAPrivateKey(), woooooooo
Show threadStijn van Drongelen14h ago
@ariadne @soatok Also, still using RSA in 2021 and onwards is a bad smell in and of itself, given how easy it is to use it in a vulnerable way.
Show threadAriadne Conill 🐰

@soatok @stiiin no. RSA is fine as long as the modulus is sufficient.

the QC advances are overstated: if you read the paper, they chose intentionally weak key parameters to factor, and in any case the modulus was only 22 bits.

this isn't to say that tasteful elliptic curve cryptography (like curve25519) is bad, just that there really isn't any urgency to move away from RSA in systems which use it.

its still a valid choice, as long as there is a sufficiently large modulus. keys with 4096 or 8192 bit modulus are totally fine for the forseeable future for example, bar some major advancement in quantum computing.

but I don't see it happening this decade.

5:21amWeb
Show threadStijn van Drongelen14h ago
@ariadne @soatok I don't even care all that much about the PQC angle. I'm referring to the padding oracle attacks that keep popping up in implementations, among other side-channel vulns.
Show threadCharlotte /Cinny     14h ago
@ariadne @soatok @stiiin yeah but this isn’t a legacy protocol and a CRQC will break ecc all the same
Show threadAriadne Conill 🐰13h ago
@soatok @stiiin @charlotte sure, they made mistakes. lots of them in fact. I just don't consider using RSA to be a concern here.