Wickr vs stef's seven rules of thumb to detect snakeoil
rysiek
rysiek at hackerspace.pl
Mon Feb 2 02:51:00 PST 2015
Dnia niedziela, 1 lutego 2015 22:03:13 Seth pisze:
> Main flaws claimed to be found by reviewer:
>
> Password stored on servers
> hardware binding is a joke
> caught using static AES key
> Were not signing their messages
> TOFU (Trust On First Use) architecture
> Crappy TLS implementation
> Wickr servers using PHP scripts
>
> I'd say the verdict leans towards snake-oil so far.
"Leans"?..
--
Pozdrawiam,
Michał "rysiek" Woźniak
Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20150202/26719753/attachment-0002.sig>
More information about the cypherpunks
mailing list