@headhntr @WIRED @iRowan @EFF @FredericJacobs @AlyssaRowan @bascule Nice ad. Do let me know when you're ready to discuss encryption.
Replying to @durov
@durov @headhntr @WIRED @iRowan @EFF @FredericJacobs @AlyssaRowan you might want to check @sweis’s tweets. He’s been pointing out oddities
Replying to @bascule
@bascule @durov @headhntr @WIRED @iRowan @EFF @FredericJacobs @AlyssaRowan Author doesn't understand SecureRandom: https://github.com/DrKLO/Telegram/blob/master/TMessagesProj/src/main/java/org/telegram/android/SecretChatHelper.java#L1107 …
Replying to @sweis
@bascule @durov @headhntr @WIRED @iRowan @EFF @FredericJacobs @AlyssaRowan Using unpadded RSA too: https://github.com/DrKLO/Telegram/blob/master/TMessagesProj/src/main/java/org/telegram/messenger/Utilities.java#L338 …
Replying to @sweis
@bascule @durov @headhntr @WIRED @iRowan @EFF @FredericJacobs @AlyssaRowan I found out Java defaults to PKCS#1 padding so it's not raw RSA.
Replying to @sweis
@sweis @durov @headhntr @WIRED @iRowan @EFF @FredericJacobs @AlyssaRowan secure by accident?
Replying to @bascule
@sweis @durov @headhntr @WIRED @iRowan @EFF @FredericJacobs @AlyssaRowan note that a better designed protocol would probably use e.g. OAEP
Replying to @bascule
@sweis @durov @headhntr @WIRED @iRowan @EFF @FredericJacobs @AlyssaRowan ...or not use RSA at all and use ECC instead
Replying to @bascule
@bascule @durov @headhntr @WIRED @iRowan @EFF @FredericJacobs @AlyssaRowan Array comparison timing attack: https://github.com/DrKLO/Telegram/blob/master/TMessagesProj/src/main/java/org/telegram/messenger/Utilities.java …
Replying to @sweis
@sweis @bascule @headhntr @FredericJacobs @AlyssaRowan Related-key attacks? AES partially derived from msg_key (SHA-1 of salt|SID|...).
@justintroutman @sweis @headhntr @FredericJacobs @AlyssaRowan welcome to the party!
Replying to @bascule
@bascule @sweis @headhntr @FredericJacobs @AlyssaRowan They did amend the text regarding SHA-1 being a MAC.