Date: Tue, 23 Jun 2015 02:07:51 -0400
From: Scott Arciszewski <scott@...agonie.com>
To: fulldisclosure@...lists.org
Subject: [FD] Minds.com - Several Issues

The Hype
========

Before we begin, let's look at some of the hype that the Minds.com
team has been feeding into on Twitter.

https://twitter.com/minds/status/611536729175130112 ~>

> #Anonymous backs new #encrypted #social network to rival Facebook http://www.infowars.com/anonymous-backs-new-encrypted-social-network-to-rival-facebook/ #minds #opensource #freedom #algorithm

https://twitter.com/minds/status/612023517962477568 ~>

> Anonymous Is Championing a Social Network That Has One Major Advantage Over Facebook by @maxplenke http://mic.com/articles/121010/anonymous-supports-privacy-focused-social-network-minds-advantage-over-facebook … via @MicNews

https://twitter.com/minds/status/610499794834821121 ~>

> #Anonymous is supporting a new privacy-focused #social network that takes aim at Facebook's shady practices http://read.bi/1cW4uSz  via @sai

https://twitter.com/WiredUK/status/610732859373043712 ~>

> Anonymous backs encrypted social network 'Minds' http://wired.uk/8TxXRq

Wow, if Anonymous backs this project, surely it must be legitimate and
secure, right?

The Reality
===========

Prior Work by VoidSec
---------------------

I'd like to bring everyone's attention to this report by VoidSec which
discloses multiple XSS holes in their platform:
http://voidsec.com/minds-com-full-disclosure/

Cryptography Design Flaws
-------------------------

1. The client will blindly trust any public key the server provides.

https://github.com/Minds/mobile/blob/75f2488880a08b30e439404594c7703258aead65/www/js/controllers/gatherings/ChatConversationCtrl.js#L37-L54

The server can therefore trivially MitM any communication, thus
rendering the encryption completely useless.

2. Weak RSA

https://github.com/Minds/mobile/blob/55766e5514aec31559cc407f6bee8b2eff2b4d74/plugins/org.apache.cordova.crypt/src/android/Crypt.java#L70-L114

I thought that Bleichenbacher had driven the final nail in the coffin
of PKCS1 padding. This doesn't appear to expose an oracle (since
success/failure state is never transmitted over the network on
decryption), but it's possible I overlooked something.

The Lesson
==========

Although PKI (problem 1) is challenging, Minds.com gives the server
all the power without attempting to add any sort of identity
verification to the app.

If anyone needs to communicate privately with someone else, the
solution is to use TextSecure and/or Signal. (If you aren't already
using these free apps, why not?)

And please, if you're going to roll your own cryptography, don't deploy it.

http://www.cryptofails.com/post/75204435608/write-crypto-code-dont-publish-it

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
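
Design flaw 1 in the message above is a client that encrypts to whatever public key the server returns. The following is an added example, not code from the Minds repository or from the message's author: a sketch of trust-on-first-use key pinning with out-of-band fingerprint verification, written for Node.js. The `pins` store, `contactId` and all function names are hypothetical, and the use of RSA-OAEP instead of PKCS#1 v1.5 padding is this example's choice.

```javascript
// Added example, not Minds code. pins and contactId are hypothetical names.
const nodeCrypto = require("crypto");

// SHA-256 over the DER SubjectPublicKeyInfo: the value users compare out of band.
function fingerprint(publicKeyPem) {
  const der = nodeCrypto.createPublicKey(publicKeyPem).export({ type: "spki", format: "der" });
  return nodeCrypto.createHash("sha256").update(der).digest("hex");
}

// pins: Map(contactId -> { fp, verified }) kept on the device, never fetched from the server.
function checkServerKey(pins, contactId, publicKeyPem) {
  const fp = fingerprint(publicKeyPem);
  const pin = pins.get(contactId);
  if (!pin) {
    pins.set(contactId, { fp, verified: false }); // trust on first use
    return "first-use";
  }
  if (pin.fp !== fp) return "key-changed"; // pin is kept; the new key is not adopted
  return pin.verified ? "verified" : "unverified";
}

// Record that both users compared the fingerprint over another channel.
function markVerified(pins, contactId, fpSeenOutOfBand) {
  const pin = pins.get(contactId);
  if (!pin || pin.fp !== fpSeenOutOfBand) return false;
  pin.verified = true;
  return true;
}

// Refuse to encrypt to a key that differs from the pinned one.
// RSA-OAEP is this example's choice in place of PKCS#1 v1.5 padding.
function encryptFor(pins, contactId, publicKeyPem, plaintext) {
  if (checkServerKey(pins, contactId, publicKeyPem) === "key-changed") {
    throw new Error("public key for " + contactId + " changed; re-verify before sending");
  }
  return nodeCrypto.publicEncrypt(
    { key: publicKeyPem, padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" },
    Buffer.from(plaintext, "utf8"));
}

// Constructed sample keys for running the example offline.
function makeKeyPair() {
  return nodeCrypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
}
```

Pinning alone only detects a key swapped after first contact; the `verified` state, set after comparing fingerprints over another channel, is what covers a key substituted on first use.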
