@FiloSottile they could do much, much better than they are at hardening
Replying to @FiloSottile
@FiloSottile @bascule New Android phones have hardware-backed key storage and crypto. Keystore API lets you use it http://nelenkov.blogspot.com.au/2013/08/credential-storage-enhancements-android-43.html …
Replying to @hubert3
@FiloSottile @bascule so you can generate a key and encrypt/decrypt without finding out the key. But malware can still do the same calls.
Replying to @hubert3
@hubert3 @FiloSottile have you looked into HARES/PrivateCore/Whitebox crypto/homomorphic crypto/KEKs at all?
Replying to @bascule
@bascule @FiloSottile If the Telegram app itself can decrypt and display messages from the db, then code injected into their pid as root can
Replying to @bascule
@bascule @FiloSottile but ultimately, if the attacker can instrument / inject the app itself, you will be able to read the contents
Replying to @hubert3
@bascule @FiloSottile anyway, the bug report was definitely overhyped and self-aggrandizing, and is getting some clueless reporting as usual
Replying to @hubert3
@hubert3 @FiloSottile strongly agree, I deleted it from my Twitter and regret posting it sans comment, but...
@hubert3 @FiloSottile on the one hand I should read harder before I tweet, on the other hand obfuscation is an art and Telegram sucks at it