Wickr vs stef's seven rules of thumb to detect snakeoil

rysiek rysiek at hackerspace.pl
Mon Feb 2 02:51:00 PST 2015

Dnia niedziela, 1 lutego 2015 22:03:13 Seth pisze:
> Main flaws claimed to be found by reviewer:
> Password stored on servers
> hardware binding is a joke
> caught using static AES key
> Were not signing their messages
> TOFU (Trust On First Use) architecture
> Crappy TLS implementation
> Wickr servers using PHP scripts
> I'd say the verdict leans towards snake-oil so far.


Michał "rysiek" Woźniak

Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20150202/26719753/attachment-0002.sig>

More information about the cypherpunks mailing list