On 8/26/21 at 6:01 PM, m...@lowentropy.net (Martin Thomson) wrote:
That Signal was hard is interesting, but I don't think that the
authors were sufficiently creative. They say "these
low-bandwidth attacks cannot be used to leak the short-term,
ephemeral keys", but I don't think that is true a
I don't think that this is a particularly important result. The formalism is
perhaps valuable, but the intuition is not novel: if you control an endpoint
and it can send messages, those messages can contain information. There are
far too many places in almost any protocol where information can
Dear TLS list,
FYI, ICYMI,
Berndt et al. describe a subverted implementation attack against TLS
https://eprint.iacr.org/2020/1452
I just noticed this report today and don't remember seeing it mentioned on the
TLS list already. It seems to be worth at least considering.
A summary and brief disc