Post 9lo2Q2gq3nzzUk8HPE by b3cft@infosec.exchange
Post #9lmK4or5iCHFMh2PUu by leip4Ier@infosec.exchange
       2019-08-11T13:52:21Z
       
       0 likes, 1 repeats
       
Read a little more about Signal. I guess it's indeed better than most alternatives for its purpose, which is texting people you already know and trust, but it isn't really a general-purpose messenger; it's hardly usable in some other scenarios. I still don't understand their mechanism of user discovery. Is there a description of how it works more detailed than their blog articles?
       
Post #9lmKJCCVi7pLp8ub5M by leip4Ier@infosec.exchange
       2019-08-11T13:54:57Z
       
       0 likes, 0 repeats
       
They talk about truncated hashes of phone numbers. What does that mean exactly? That the server returns a few results for each hash and the client then compares them locally? I also don't understand what exactly the server returns. A full hash of the phone number, some kind of internal identifier and also some public key? How does the initial key exchange happen?
       
Post #9lmKp4d5OdBpbmXiqW by leip4Ier@infosec.exchange
       2019-08-11T14:00:42Z
       
       0 likes, 0 repeats
       
Also, they rely on Intel SGX. In my understanding, anything like that is possible to emulate fully in software and avoid any of those hardware protections? If I understand it correctly, then with modified server software (running it for some time) it's still possible to build a social graph, just with a few more entries than there actually are (one could then deduce which are real using external data, like that AirDrop hack which assumed that the phone number has the prefix of the city the hacker is in).
       
Post #9lmKxbCoA9UaxTJhpY by Wolf480pl@niu.moe
       2019-08-11T14:02:13Z
       
       0 likes, 0 repeats
       
@leip4Ier AFAIK you can't fully emulate SGX if you don't extract all the private keys from the CPU / Intel Management Engine.
       
Post #9lmLDbjNycyrDmBjKi by leip4Ier@infosec.exchange
       2019-08-11T14:05:08Z
       
       0 likes, 0 repeats
       
@Wolf480pl Oh, I see, that makes sense. Although it still feels a little... idk, weird, relying on that single private key stored in, like, millions of CPUs? Is there some kind of update mechanism? (I mean, for its original purpose, which seems to be DRM, it's good, but I think it's safe to assume that three-letter agencies already know that key.)
       
Post #9lmLZYSmo5NvSPtBui by Wolf480pl@niu.moe
       2019-08-11T14:09:06Z
       
       0 likes, 0 repeats
       
       @leip4Ier no idea, but I guess people like Joanna Rutkowska, or Mark Ermolov and Maxim Goryachy, will know more about the topic.
       
Post #9lmLqINhqu5CVFUn6e by Wolf480pl@niu.moe
       2019-08-11T14:12:06Z
       
       0 likes, 0 repeats
       
       @leip4Ier either way, I think using SGX to make it a bit harder for attackers is still better than just hoping the server is honest...
       
Post #9lmMAyE7yuAA4msFA8 by leip4Ier@infosec.exchange
       2019-08-11T14:15:49Z
       
       0 likes, 0 repeats
       
@Wolf480pl Yeah, sure. It's that I'd prefer the protocol to be built in a way that makes it impossible for the server to learn things it shouldn't learn, but I guess with their architecture it's impossible to implement... at least, they made it as hard as possible.
       
Post #9lo2Q2gq3nzzUk8HPE by b3cft@infosec.exchange
       2019-08-12T09:43:55Z
       
       0 likes, 0 repeats
       
@leip4Ier: I assume some kind of k-anonymity process. Locally you hash all the known numbers in your address book and send the first 5/6 chars of each hash. They return all the complete hashes that match the prefix, then you check the full hashes locally for known numbers.
       
Post #9lo2UzAWZzZ41QNJA0 by leip4Ier@infosec.exchange
       2019-08-12T09:44:49Z
       
       0 likes, 0 repeats
       
@b3cft I see, so it's like I thought. Thanks!
       
Post #9lo45YKlPhnvSpAH2W by b3cft@infosec.exchange
       2019-08-12T10:02:37Z
       
       0 likes, 0 repeats
       
@leip4Ier: For a transparent version you can play with and see how it works, take a look at the haveibeenpwned passwords API. I had been wondering where else it was used.
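
The prefix-query process b3cft describes above, and the haveibeenpwned range API he points to as the transparent version of it, simulated offline in one script. This is an added example written for this page, not Signal's contact-discovery code and not HIBP's; it assumes SHA-1 as the hash (HIBP's choice; the page does not say what Signal hashes with), treats the prefix length as a parameter, and uses constructed phone numbers and a constructed range response rather than real users or real breach counts. It also shows the caveat from earlier in the thread: the server only ever sees a prefix, but because the phone-number space is small, a server that enumerates it can shrink that prefix back to a bucket of candidate numbers, so this is k-anonymity rather than secrecy.

```python
import hashlib
from collections import defaultdict


def sha1_hex(value: str) -> str:
    """Upper-case hex SHA-1 of a UTF-8 string (HIBP's hashing convention)."""
    return hashlib.sha1(value.encode("utf-8")).hexdigest().upper()


class RangeServer:
    """Server side. Stores hashes of registered numbers bucketed by hash prefix
    and answers a prefix query with the whole bucket, so it cannot tell which
    entry (if any) the client was looking for."""

    def __init__(self, registered, prefix_len):
        self.prefix_len = prefix_len
        self.buckets = defaultdict(set)
        for number in registered:
            digest = sha1_hex(number)
            self.buckets[digest[:prefix_len]].add(digest[prefix_len:])
        self.observed = []  # prefixes received: all the server learns per lookup

    def range_query(self, prefix):
        if len(prefix) != self.prefix_len:
            raise ValueError("bad prefix length")
        self.observed.append(prefix)
        return sorted(self.buckets.get(prefix, ()))


def discover_contacts(server, address_book):
    """Client side. Hash each contact locally, send only the prefix, and match
    the remaining hash characters against the returned bucket locally."""
    found = set()
    for number in address_book:
        digest = sha1_hex(number)
        prefix, suffix = digest[:server.prefix_len], digest[server.prefix_len:]
        if suffix in server.range_query(prefix):
            found.add(number)
    return found


def candidates_for_prefix(prefix, candidate_space, prefix_len):
    """The caveat: a curious server that sees a prefix can enumerate a small
    input space (phone numbers are small) and keep every number in that bucket.
    The bucket is the client's anonymity set; this is k-anonymity, not secrecy."""
    return sorted(n for n in candidate_space if sha1_hex(n)[:prefix_len] == prefix)


def parse_hibp_range(body):
    """Parse an HIBP /range/{prefix} style body: one 'SUFFIX:COUNT' per line."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if line:
            suffix, count = line.split(":", 1)
            counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password, fetch_range):
    """HIBP-style client: send 5 hex chars of SHA-1, check the suffix locally.
    fetch_range(prefix) -> response body; here it is backed by constructed data."""
    digest = sha1_hex(password)
    return parse_hibp_range(fetch_range(digest[:5])).get(digest[5:], 0)


# --- constructed demo data (not real users, not real breach counts) ---------
PREFIX_LEN = 2  # 256 buckets, small enough that buckets visibly hold several
                # entries; HIBP uses 5 hex chars because its corpus is far larger.
REGISTERED = [f"+1555{i:07d}" for i in range(2000)]
ADDRESS_BOOK = ["+15550000042", "+15550001337", "+15559999999"]  # last: unregistered
CANDIDATE_SPACE = REGISTERED + [f"+1555{i:07d}" for i in range(9990000, 9992000)]

# SHA-1("password") = 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8; the count is made up.
HIBP_RANGES = {
    "5BAA6": "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234567\n"
             "00000000000000000000000000000000000:1\n",
}


def run_demo():
    """Returns (contacts found, first prefix the server saw, size of that bucket,
    numbers a brute-forcing server could map that prefix back to)."""
    server = RangeServer(REGISTERED, PREFIX_LEN)
    found = discover_contacts(server, ADDRESS_BOOK)
    prefix = server.observed[0]                 # bucket of "+15550000042"
    bucket_size = len(server.buckets[prefix])
    suspects = candidates_for_prefix(prefix, CANDIDATE_SPACE, PREFIX_LEN)
    return found, prefix, bucket_size, suspects


if __name__ == "__main__":
    found, prefix, size, suspects = run_demo()
    print("matched contacts:", sorted(found))
    print(f"server saw prefix {prefix!r}: bucket of {size} hashes, "
          f"{len(suspects)} candidate numbers after brute force")
    print("pwned count for 'password':",
          pwned_count("password", lambda p: HIBP_RANGES.get(p, "")))
```

Two things worth noticing when running it: the server's `observed` list never contains a full hash, only prefixes, which is the whole point of the range query; and `candidates_for_prefix` shows why truncation alone is not enough for phone numbers, since the candidate list for a prefix is exactly the set the server would have to rule out with outside data, which is the social-graph-with-extra-entries concern raised earlier in the thread. Against a real HIBP deployment the `fetch_range` callable would perform the HTTPS GET to the range endpoint; here it is a dictionary lookup so the script runs offline.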