Signal’s Post-Quantum Cryptographic Implementation

Signal has just rolled out its quantum-safe cryptographic implementation. Ars Technica has a really good article with details: Ultimately, the architects settled on a creative solution. Rather than bolt KEM onto the existing double ratchet, they allowed it to remain more or less the same as it ha...

CVE-2022-45195

SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet...

CVE-2022-45195

SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet...

Design/Logic Flaw

SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet...

SimpleXMQ 加密问题漏洞

SimpleXMQ is SimpleX Chat open source a reference implementation of the SimpleX messaging protocol . Used for simplex queues on public networks . A security vulnerability exists in SimpleXMQ versions prior to 3.4.0 that stems from its double ratchet protocol's X3DH key exchange process not applyi...

PT-2022-27425 · Simplexmq +1 · Simplexmq +1

Name of the Vulnerable Software and Affected Versions: SimpleXMQ versions prior to 3.4.0 SimpleX Chat versions prior to 4.2 Description: The issue occurs in the X3DH key exchange for the double ratchet protocol, where a key derivation function is not applied to intended data. This can interfere...

CVE-2022-45195

CVE-2022-45195 affects SimpleXMQ <3.4.0 (used in SimpleX Chat

CVE-2022-45195

SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet...

Fedora: Security Advisory for libolm (FEDORA-2021-b514c8ea72)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 35 Update: libolm-3.2.8-1.fc35

An implementation of the Double Ratchet cryptographic ratchet in C++...

[SECURITY] Fedora 34 Update: libolm-3.2.8-1.fc34

An implementation of the Double Ratchet cryptographic ratchet in C++...

CVE-2021-21387

Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connectio...

CVE-2021-21387 Partial secret key disclosure, improper safety number calculation, & inadequate encryption strength

Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connectio...

Damn Vulnerable Web Sockets: DVWS

Damn Vulnerable Web Sockets Damn Vulnerable Web Sockets DVWS is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA . You will find more vulnerabilities than the ones listed in the application. Requirements In the...

Ratchet and Clank: BTN - Corrupted files, External URLs, Native code usage vulnerabilities

HackApp vulnerability scanner discovered that application Ratchet and Clank: BTN published at the 'play' market has multiple vulnerabilities...

TextSecure: End-to-End encrypted and Open Source Messaging app

With revelations of NSA spying and some of the most jaw-dropping surveillance leaks, many people feel unencrypted and central-server service is bad in most of the cases, but end-to-end encryption can be used to reduce this problem. Worldwide Government surveillance raises privacy concerns and...