steveweis at gmail.com
Tue Jun 18 13:05:46 PDT 2013
It's not safe.
This is their bookmarklet:
changed at any time and compromise your messages without your knowledge.
The actual call to encrypt data is here:
hmac = hex_hmac_sha1(key, _this.text);
hmac += hmac.slice(0, 24);
cipher = hmac + salt + Aes.Ctr.encrypt(_this.text, key, 256);
They're MACing the key for some reason, then using unauthenticated CTR mode
without an HMAC. So this is completely vulnerable to someone modifying the
That CTR mode is implemented by this:
using the time of day as a nonce combined with a weak JS Math.random().
That's vulnerable to some attacks as well.
Generally, I'd assume that a random crypto project you run across is
probably not safe.
On Tue, Jun 18, 2013 at 11:51 AM, Lorenzo Franceschi Bicchierai <
lorenzofb8 at gmail.com> wrote:
> Have you guys seen this?
> I've searched through the archives but didn't see anything. I'm wondering
> how safe this is.
> It has received some small attention in the media before.
> Lorenzo Franceschi-Bicchierai
> Mashable <http://www.mashable.com> Junior US & World Reporter
> lorenzo at mashable.com | lorenzofb8 at gmail.com
> #: (+1) 917 257 1382
> Twitter: @lorenzoFB <http://www.twitter.com/lorenzoFB>
> Skype: lorenzofb8
> OTR: lorenzofb at jabber.ccc.de
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
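
The point in the reply above about unauthenticated CTR mode, as an added example that is not part of the original thread and is not the bookmarklet's code: AES-256-CTR decrypts a modified ciphertext without complaint, while an HMAC computed over the nonce and ciphertext (encrypt-then-MAC) rejects it. It uses Node's built-in crypto module; the function names, keys, message and the choice of HMAC-SHA256 are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// Constructed keys for the example; a real design derives two independent keys.
const encKey = crypto.randomBytes(32); // AES-256 key
const macKey = crypto.randomBytes(32); // separate HMAC key

// CTR is symmetric: the same call encrypts and decrypts.
function ctr(key, nonce, data) {
  const c = crypto.createCipheriv('aes-256-ctr', key, nonce);
  return Buffer.concat([c.update(data), c.final()]);
}

// The tag covers the nonce and the ciphertext, not the key or the plaintext.
function tag(nonce, ct) {
  return crypto.createHmac('sha256', macKey).update(nonce).update(ct).digest();
}

// Encrypt-then-MAC with a 16-byte nonce from the CSPRNG
// (not time of day, not Math.random()).
function seal(plaintext) {
  const nonce = crypto.randomBytes(16);
  const ct = ctr(encKey, nonce, Buffer.from(plaintext, 'utf8'));
  return Buffer.concat([nonce, ct, tag(nonce, ct)]);
}

// Verify the tag in constant time before decrypting; null means "rejected".
function unseal(msg) {
  if (msg.length < 48) return null;
  const nonce = msg.subarray(0, 16);
  const ct = msg.subarray(16, msg.length - 32);
  const mac = msg.subarray(msg.length - 32);
  if (!crypto.timingSafeEqual(mac, tag(nonce, ct))) return null;
  return ctr(encKey, nonce, ct).toString('utf8');
}

// CTR decryption with no integrity check, for comparison.
function unsealUnauthenticated(nonce, ct) {
  return ctr(encKey, nonce, ct).toString('utf8');
}

// Test helper: a copy of buf with one bit changed, as a message altered in transit.
function tamper(buf, index) {
  const out = Buffer.from(buf);
  out[index] ^= 0x01;
  return out;
}
```
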