17 matches found
Signal’s Post-Quantum Cryptographic Implementation
Signal has just rolled out its quantum-safe cryptographic implementation. Ars Technica has a really good article with details: Ultimately, the architects settled on a creative solution. Rather than bolt KEM onto the existing double ratchet, they allowed it to remain more or less the same as it ha...
CVE-2022-45195
SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet...
CVE-2022-45195
SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet...
Design/Logic Flaw
SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet...
PT-2022-27425 · Simplexmq +1
Name of the Vulnerable Software and Affected Versions: SimpleXMQ versions prior to 3.4.0; SimpleX Chat versions prior to 4.2. Description: The issue occurs in the X3DH key exchange for the double ratchet protocol, where a key derivation function is not applied to intended data. This can interfere...
CVE-2022-45195
CVE-2022-45195 affects SimpleXMQ <3.4.0 (used in SimpleX Chat
SimpleXMQ Cryptographic Issue Vulnerability
SimpleXMQ is SimpleX Chat's open-source reference implementation of the SimpleX messaging protocol, used for simplex queues on public networks. A security vulnerability exists in SimpleXMQ versions prior to 3.4.0 that stems from its double ratchet protocol's X3DH key exchange process not applyi...
CVE-2022-45195
SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet...
Fedora: Security Advisory for libolm (FEDORA-2021-b514c8ea72)
The remote host is missing an update for the...
[SECURITY] Fedora 35 Update: libolm-3.2.8-1.fc35
An implementation of the Double Ratchet cryptographic ratchet in C++...
[SECURITY] Fedora 34 Update: libolm-3.2.8-1.fc34
An implementation of the Double Ratchet cryptographic ratchet in C++...
The vulnerability of the Double Ratchet Libolm cryptographic ratchet implementation lies in the possibility of data being written beyond the buffer boundaries. This allows attackers to gain access to confidential data, compromise its integrity, and even cause service failures.
The vulnerability of the Double Ratchet Libolm cryptographic ratchet implementation lies in writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker operating remotely to gain access to confidential data, compromise its integrity, and even cause service...
CVE-2021-21387
Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connectio...
CVE-2021-21387 Partial secret key disclosure, improper safety number calculation, & inadequate encryption strength
Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connectio...
Damn Vulnerable Web Sockets: DVWS
Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA. You will find more vulnerabilities than the ones listed in the application. Requirements: In the...
Ratchet and Clank: BTN - Corrupted files, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Ratchet and Clank: BTN published at the 'play' market has multiple vulnerabilities...
TextSecure: End-to-End encrypted and Open Source Messaging app
With revelations of NSA spying and some of the most jaw-dropping surveillance leaks, many people feel that unencrypted, central-server services are bad in most cases, but end-to-end encryption can be used to reduce this problem. Worldwide Government surveillance raises privacy concerns and...