[liberationtech] Cryptography super-group creates unbreakable encryption
Nadim Kobeissi
nadim at nadim.cc
Wed Feb 13 20:54:42 PST 2013
Fabio just discovered that Silent Phone derives device IDs by hashing the
device IMEI with MD5...
WOW
NK
On Wed, Feb 13, 2013 at 11:51 PM, Nadim Kobeissi <nadim at nadim.cc> wrote:
> So to recap:
> It hasn't been a few hours since Silent Circle released *some* of their
> source code, and we already know that:
>
>
> 1. Silent Circle isn't built to be a secure communications
> platform, but is simply a rebranding of TiviPhone, a Latvian-made VoIP
> software, with added encryption libraries,
> 2. The encryption libraries are themselves not developed by Silent
> Circle, but are third party libraries,
> 3. The third party libraries are in some cases outdated, even in the
> face of security advisories,
> 4. There's a good possibility of a buffer overflow being there
> somewhere, with over 40 uses of snprintf().
>
> I know what I'm doing this weekend! :D
>
>
> NK
>
>
> On Wed, Feb 13, 2013 at 11:33 PM, Nathan of Guardian <
> nathan at guardianproject.info> wrote:
>
>> Fabio Pietrosanti (naif):
>> > Here are some notes I collected with a quick review of the source code:
>>
>> I can see the headlines now...
>>
>> "Cryptography super-group more like a cover band"
>> "Cryptography Boy Band covers Latvian super-group"
>> "Cryptography super-group? More like Milli Vanilli!"
>>
>> or perhaps simply:
>> "SilentCircle's premiere product was outsourced, and based on
>> out-of-date security libraries with known bugs"
>>
>> Finally, just to be clear, I have nothing against re-using code,
>> especially open-source projects that are complementary. This is exactly
>> what we have done for our work on OSTN/OStel.
>>
>> I do have a problem with people representing software they license from
>> someone else as their own brilliant, weaved-by-the-gods invention.
>>
>> +n
>>
>> --
>> Unsubscribe, change to digest, or change password at:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>
>