[liberationtech] Encrypted Pastebins: Attack Vectors against ezcrypt.it and 0bin.net
Lucas Dixon
ldixon at google.com
Tue Jan 21 18:01:49 PST 2014
On Sun, Jan 19, 2014 at 7:23 AM, carlo von lynX <lynX at time.to.get.psyced.org
> wrote:
>
> > The highest level of "this feature" would be if this "Mock JS" could have
> > full WebRTC functionality ;)
>
> Dunno, WebRTC is so prone to MITM.
> I'd rather have something secure.
>
What kind of MITM attack are you thinking of? WebRTC doesn't specify a key
authentication protocol, so not sure WebRTC is anything specific enough to
say it not secure. WebRTC is compatible with ZRTP key-authentication which
builds in a video-based auth scheme and should stop MITM attacks (last time
I checked). You could also use some other form of key-auth with WebRTC,
e.g. swap key-hashes in person.
--
Lucas Dixon | Google Ideas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140121/5d98bfae/attachment-0001.html>
More information about the liberationtech
mailing list