| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAKws9z33ss4yU9vod3zttqAc4F5=W9o1m70mJ+hnE-a1JWWPsg@mail.gmail.com> Date: Tue, 23 Jun 2015 02:07:51 -0400 From: Scott Arciszewski <scott@...agonie.com> To: fulldisclosure@...lists.org Subject: [FD] Minds.com - Several Issues The Hype ======== Before we begin, let's look at some of the hype that the Minds.com team has been feeding into on Twitter. https://twitter.com/minds/status/611536729175130112 ~> > #Anonymous backs new #encrypted #social network to rival Facebook http://www.infowars.com/anonymous-backs-new-encrypted-social-network-to-rival-facebook/ #minds #opensource #freedom #algorithm https://twitter.com/minds/status/612023517962477568 ~> > Anonymous Is Championing a Social Network That Has One Major Advantage Over Facebook by @maxplenke http://mic.com/articles/121010/anonymous-supports-privacy-focused-social-network-minds-advantage-over-facebook … via @MicNews https://twitter.com/minds/status/610499794834821121 ~> > #Anonymous is supporting a new privacy-focused #social network that takes aim at Facebook's shady practices http://read.bi/1cW4uSz via @sai https://twitter.com/WiredUK/status/610732859373043712 ~> > Anonymous backs encrypted social network 'Minds' http://wired.uk/8TxXRq Wow, if Anonymous backs this project, surely it must be legitimate and secure, right? The Reality =========== Prior Work by VoidSec --------------------- I'd like to bring everyone's attention to this report by VoidSec which discloses multiple XSS holes in their platform: http://voidsec.com/minds-com-full-disclosure/ Cryptography Design Flaws ------------------------- 1. The client will blindly trust any public key the server provides. https://github.com/Minds/mobile/blob/75f2488880a08b30e439404594c7703258aead65/www/js/controllers/gatherings/ChatConversationCtrl.js#L37-L54 The server can therefore trivially MitM any communication, thus rendering the encryption completely useless. 2. Weak RSA https://github.com/Minds/mobile/blob/55766e5514aec31559cc407f6bee8b2eff2b4d74/plugins/org.apache.cordova.crypt/src/android/Crypt.java#L70-L114 I thought that Bleichenbacher had driven the final nail in the coffin of PKCS1 padding. This doesn't appear to expose an oracle (since success/failure state is never transmitted over the network on decryption), but it's possible I overlooked something. The Lesson ========== Although PKI (problem 1) is challenging, Minds.com gives the server all the power without attempting to add any sort of identity verification to the app. If anyone needs to communicate privately with someone else, the solution is to use TextSecure and/or Signal. (If you aren't already using these free apps, why not?) And please, if you're going to roll your own cryptography, don't deploy it. http://www.cryptofails.com/post/75204435608/write-crypto-code-dont-publish-it Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises <https://paragonie.com> _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists