@FiloSottile there’s always the analog loophole there *shrug*
Replying to @FiloSottile
@FiloSottile they could do much, much better than they are at hardening
Replying to @FiloSottile
@FiloSottile @bascule New Android phones have hardware-backed key storage and crypto. Keystore API lets you use it http://nelenkov.blogspot.com.au/2013/08/credential-storage-enhancements-android-43.html …
Replying to @hubert3
@FiloSottile @bascule so you can generate a key and encrypt/decrypt without finding out the key. But malware can still do the same calls.
Replying to @hubert3
@hubert3 @FiloSottile have you looked into HARES/PrivateCore/Whitebox crypto/homomorphic crypto/KEKs at all?
Replying to @bascule
@bascule @FiloSottile If the Telegram app itself can decrypt and display messages from the db, then code injected into their pid as root can
Replying to @bascule
@bascule @FiloSottile but ultimately, if the attacker can instrument / inject the app itself, you will be able to read the contents
@hubert3 @FiloSottile obfuscation is a cat and mouse game, but the defenders have a very rich toolbox of crypto-tricks...