Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Cryptography super-group creates unbreakable encryption

Brian Conley brianc at smallworldnews.tv
Wed Feb 13 23:37:09 PST 2013


Well so we've learned a few things:

1. The limits of completely open/anonymous spaces
2. Why anarchists operate in affinity groups and not "everyone has equal right hooray!"
3. Someone is obviously threatened by nadim(be proud not frustrated Nadim!)
4. People are still utter douchebags. I'm looking at you "unnamed."

Thanks Ali.

Sent from my iPad

On Feb 13, 2013, at 22:26, Ali-Reza Anghaie <ali at packetknife.com> wrote:

> Before the pad was ruined we also found out that:
> 
> - TiViPhone seems to be part of Silent Circle, (c) and all.. the lead developers are listed on SC's founding page.
> - Likewise the libraries notes, except PolarSSL, also seem to be develop led by people now working for Silent Circle.
> - Nadim admittingly jumped the gun on snprintf() issue
> - We can't verify the libraries used or any of the code against the binary builds
> 
> Etc.
> 
> So the skewering was premature. The pad, with other commentary, before it was ruined is DLable at http://pastebit.com/pastie/12001 .. the revision history slider still works but who knows how long as someone is mercilessly trolling Nadim through it now. -Ali
> 
> 
> 
> On Wed, Feb 13, 2013 at 11:51 PM, Nadim Kobeissi <nadim at nadim.cc> wrote:
> So to recap:
> It hasn't been a few hours since Silent Circle released *some* of their source code, and we already know that:
> 
> Silent Circle isn't in built to be a secure communications platform, but is simply a rebranding of TiviPhone, a latvian-made VoIP software, with added encryption libraries,
> The encryption libraries are themselves not developed by Silent Circle, but are third party libraries,
> The third party librares are in some cases outdated, even in the face of security advisories,
> There's a good possibility of a buffer overflow being there somewhere, with over 40 uses of snprintf().
> I know what I'm doing this weekend! :D
> 
> 
> NK
> 
> 
> On Wed, Feb 13, 2013 at 11:33 PM, Nathan of Guardian <nathan at guardianproject.info> wrote:
> Fabio Pietrosanti (naif):
> > Here some notes i collected with a quick review of the source code:
> 
> I can see the headlines now...
> 
> "Cryptography super-group more like a cover band"
> "Cryptography Boy Band covers Latvian super-group"
> "Cryptography super-group? More like Milli Vanilli!"
> 
> or perhaps simply:
> "SilentCircle's premiere product was outsourced, and based on
> out-of-date security libraries with known bugs"
> 
> Finally, just to be clear, I have nothing against re-using code,
> especially open-source projects that are complimentary. This is exactly
> what we have done for our work on OSTN/OStel.
> 
> I do have a problem with people representing software they license from
> someone else as their own brilliant, weaved-by-the-gods invention.
> 
> +n
> 
> --
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> 
> --
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> --
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130213/bbbf2429/attachment.html>


More information about the liberationtech mailing list