Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Cryptography super-group creates unbreakable encryption

Nadim Kobeissi nadim at nadim.cc
Wed Feb 13 20:54:42 PST 2013


Fabio just discovered that Silent Phone derives device IDs by hashing the
device IMEI with MD5...

WOW


NK


On Wed, Feb 13, 2013 at 11:51 PM, Nadim Kobeissi <nadim at nadim.cc> wrote:

> So to recap:
> It hasn't been a few hours since Silent Circle released *some* of their
> source code, and we already know that:
>
>
>    1. Silent Circle isn't in built to be a secure communications
>    platform, but is simply a rebranding of TiviPhone, a latvian-made VoIP
>    software, with added encryption libraries,
>    2. The encryption libraries are themselves not developed by Silent
>    Circle, but are third party libraries,
>    3. The third party librares are in some cases outdated, even in the
>    face of security advisories,
>    4. There's a good possibility of a buffer overflow being there
>    somewhere, with over 40 uses of snprintf().
>
> I know what I'm doing this weekend! :D
>
>
> NK
>
>
> On Wed, Feb 13, 2013 at 11:33 PM, Nathan of Guardian <
> nathan at guardianproject.info> wrote:
>
>> Fabio Pietrosanti (naif):
>> > Here some notes i collected with a quick review of the source code:
>>
>> I can see the headlines now...
>>
>> "Cryptography super-group more like a cover band"
>> "Cryptography Boy Band covers Latvian super-group"
>> "Cryptography super-group? More like Milli Vanilli!"
>>
>> or perhaps simply:
>> "SilentCircle's premiere product was outsourced, and based on
>> out-of-date security libraries with known bugs"
>>
>> Finally, just to be clear, I have nothing against re-using code,
>> especially open-source projects that are complimentary. This is exactly
>> what we have done for our work on OSTN/OStel.
>>
>> I do have a problem with people representing software they license from
>> someone else as their own brilliant, weaved-by-the-gods invention.
>>
>> +n
>>
>> --
>> Unsubscribe, change to digest, or change password at:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130213/8dea82c6/attachment.html>


More information about the liberationtech mailing list