On 24 jul. 2014, at 17:32, Ashley Ward <[email protected]> wrote:
> On 24 Jul 2014, at 16:22, Simon Tennant <[email protected]> wrote: > >> Agree on 5222. But it smells like XMPP according to >> https://www.os3.nl/_media/2013-2014/courses/ssn/projects/threema_report.pdf > > They seem pretty sure about it: > > "The communication protocol used for this communication is Extensible > Messaging and Presence Protocol (XMPP). XMPP implements Simple > Authentication and Security Layer (SASL) and Transport Layer Security > (TLS) for its security. This means that MitM attack might be feasible for > this communication” I highly doubt they have actually verified that and not just based it on the port number. This [1] paper describes the packet formats, and it describes it as “[...] a custom protocol with some similarities to CurveCP”. Thijs
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
