Wickr vs stef's seven rules of thumb to detect snakeoil

rysiek rysiek at hackerspace.pl
Mon Feb 2 02:51:00 PST 2015


Dnia niedziela, 1 lutego 2015 22:03:13 Seth pisze:
> Main flaws claimed to be found by reviewer:
> 
> Password stored on servers
> hardware binding is a joke
> caught using static AES key
> Were not signing their messages
> TOFU (Trust On First Use) architecture
> Crappy TLS implementation
> Wickr servers using PHP scripts
> 
> I'd say the verdict leans towards snake-oil so far.

"Leans"?..

-- 
Pozdrawiam,
Michał "rysiek" Woźniak

Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20150202/26719753/attachment-0001.sig>


More information about the cypherpunks mailing list