Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Cryptography super-group creates unbreakable encryption

Nadim Kobeissi nadim at
Wed Feb 13 20:54:42 PST 2013

Fabio just discovered that Silent Phone derives device IDs by hashing the
device IMEI with MD5...



On Wed, Feb 13, 2013 at 11:51 PM, Nadim Kobeissi <nadim at> wrote:

> So to recap:
> It hasn't been a few hours since Silent Circle released *some* of their
> source code, and we already know that:
>    1. Silent Circle isn't in built to be a secure communications
>    platform, but is simply a rebranding of TiviPhone, a latvian-made VoIP
>    software, with added encryption libraries,
>    2. The encryption libraries are themselves not developed by Silent
>    Circle, but are third party libraries,
>    3. The third party librares are in some cases outdated, even in the
>    face of security advisories,
>    4. There's a good possibility of a buffer overflow being there
>    somewhere, with over 40 uses of snprintf().
> I know what I'm doing this weekend! :D
> NK
> On Wed, Feb 13, 2013 at 11:33 PM, Nathan of Guardian <
> nathan at> wrote:
>> Fabio Pietrosanti (naif):
>> > Here some notes i collected with a quick review of the source code:
>> I can see the headlines now...
>> "Cryptography super-group more like a cover band"
>> "Cryptography Boy Band covers Latvian super-group"
>> "Cryptography super-group? More like Milli Vanilli!"
>> or perhaps simply:
>> "SilentCircle's premiere product was outsourced, and based on
>> out-of-date security libraries with known bugs"
>> Finally, just to be clear, I have nothing against re-using code,
>> especially open-source projects that are complimentary. This is exactly
>> what we have done for our work on OSTN/OStel.
>> I do have a problem with people representing software they license from
>> someone else as their own brilliant, weaved-by-the-gods invention.
>> +n
>> --
>> Unsubscribe, change to digest, or change password at:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list