Signal’s Post-Quantum Cryptographic Implementation

Signal has just rolled out its quantum-safe cryptographic implementation. Ars Technica has a really good article with details: Ultimately, the architects settled on a creative solution. Rather than bolt KEM onto the existing double ratchet, they allowed it to remain more or less the same as it ha...

CVE-2022-45195

SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet...

CVE-2022-45195

SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet...

Design/Logic Flaw

SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet...

SimpleXMQ 加密问题漏洞

SimpleXMQ is SimpleX Chat open source a reference implementation of the SimpleX messaging protocol . Used for simplex queues on public networks . A security vulnerability exists in SimpleXMQ versions prior to 3.4.0 that stems from its double ratchet protocol's X3DH key exchange process not applyi...

PT-2022-27425 · Simplexmq +1 · Simplexmq +1

Name of the Vulnerable Software and Affected Versions: SimpleXMQ versions prior to 3.4.0 SimpleX Chat versions prior to 4.2 Description: The issue occurs in the X3DH key exchange for the double ratchet protocol, where a key derivation function is not applied to intended data. This can interfere...

CVE-2022-45195

CVE-2022-45195 affects SimpleXMQ <3.4.0 (used in SimpleX Chat

Fedora: Security Advisory for libolm (FEDORA-2021-b514c8ea72)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 35 Update: libolm-3.2.8-1.fc35

An implementation of the Double Ratchet cryptographic ratchet in C++...

[SECURITY] Fedora 34 Update: libolm-3.2.8-1.fc34

An implementation of the Double Ratchet cryptographic ratchet in C++...

The vulnerability of the Double Ratchet Libolm cryptographic ratchet implementation lies in the possibility of data being written beyond the buffer boundaries. This allows attackers to gain access to confidential data, compromise its integrity, and even cause service failures.

The vulnerability of the Double Ratchet Libolm cryptographic ratchet implementation lies in the writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker operating remotely to gain access to confidential data, compromise its integrity, and even cause service...