lyu07282 7 hours ago

> In 2011, Eap started developing an encrypted messaging system with the help of his father, who holds a master’s degree in computer science from Simon Fraser University in Burnaby, B.C. The app was initially designed for BlackBerry phones and later made available for iPhones.

> His father designed the data encryption algorithm.

> “My dad's a genius,” said Eap. “It had the highest level of encryption available.”

It's hard to imagine that this level of ignorance wasn't intentional from the beginning.

loup-vaillant 6 hours ago

This quote sure was a huge red flag to me.

"My dad's a genius" because you're not supposed to rely on genius to make a good crypto system, and also because it makes Eap sound like he has absolutely zero knowledge of the subject.

"highest level of encryption available" because there's a fairly low floor above which it's all uncrackable anyway (ChaCha20 + BLAKE2B authenticated encryption, and Curve448 + post quantum winners for the public stuff, should go beyond total overkill).

I don't believe it was intentional though. I'm just out of a quick job implementing SSCPv2 (encryption over RS485 to secure communication between card readers and a central computer, typically used to secure buildings). Good specs, fairly good separation between cryptography and business logic, and as far as I could tell the crypto isn't broken… but it is quite old school: AES CBC + HMAC SHA256, using MAC then encrypt. https://moxie.org/2011/12/13/the-cryptographic-doom-principl... And while I think my implementation is okay, I did have to pay special attention to specific traps arising from this design, and to be honest I wouldn't bet my life on having ironed out all possible timing attacks.

SSCPv2 was almost certainly designed after 2020, but it took its books from 2005. Good books for their time, but a bit dated unfortunately. I'm pretty sure no actual cryptographer was involved. If there had been, they would almost certainly have used a standard authenticated encryption scheme like AES GCM or ChaPoly (RFC 8439), they would have authenticated the unencrypted header, and they would have provided an even better separation between crypto and business logic.
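The MAC-then-encrypt trap the comment above describes, as an added example that is not code from the post, from SSCPv2, or from any real reader firmware. It builds the "old school" layout (HMAC-SHA256 over the plaintext, then AES-CBC over plaintext||tag) and a receiver that has to decrypt and unpad before it can check the tag, then lets an attacker vary one ciphertext byte and count how the receiver's rejections split: a separate "bad padding" verdict is the oracle Moxie's article warns about. Beside it, the AEAD shape the comment says a cryptographer would have picked (AES-GCM here, ChaCha20-Poly1305 has the same interface) with the cleartext header bound in as associated data. The keys, IV, nonce and the four-byte header are constructed for the demo and correspond to nothing in the SSCPv2 spec.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed demo keys, IV and nonce, fixed only so the run is deterministic.
var (
	encKey = []byte("0123456789abcdef0123456789abcdef") // AES-256
	macKey = []byte("fedcba9876543210fedcba9876543210")
	iv     = []byte("constructed-iv!!") // 16 bytes for CBC
	nonce  = []byte("demo-nonce01")     // 12 bytes for GCM
)
var ErrPadding, ErrMAC = errors.New("bad padding"), errors.New("bad mac")

// PKCS#7 padding and its check, as CBC needs whole blocks.
func pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, ErrPadding
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, ErrPadding
	}
	return b[:len(b)-n], nil
}

func blk() cipher.Block { b, _ := aes.NewCipher(encKey); return b }
func cbc(mode cipher.BlockMode, in []byte) []byte {
	out := make([]byte, len(in))
	mode.CryptBlocks(out, in)
	return out
}
func tag(pt []byte) []byte { m := hmac.New(sha256.New, macKey); m.Write(pt); return m.Sum(nil) }

// MAC-then-encrypt, the layout the comment describes: HMAC over the plaintext,
// then CBC-encrypt plaintext||tag. The cleartext header is not covered at all.
func MteSeal(pt []byte) []byte {
	return cbc(cipher.NewCBCEncrypter(blk(), iv), pad(append(append([]byte{}, pt...), tag(pt)...)))
}

// The receiver has to decrypt and strip padding before it can even find the
// tag, so the padding check runs on attacker-chosen bytes and fails differently
// from the MAC check. Observable (error code, timing), that is a padding oracle.
func MteOpen(ct []byte) ([]byte, error) {
	dec, err := unpad(cbc(cipher.NewCBCDecrypter(blk(), iv), ct))
	if err != nil {
		return nil, err // padding verdict leaks before any authentication
	}
	n := len(dec) - sha256.Size
	if n < 0 || !hmac.Equal(dec[n:], tag(dec[:n])) {
		return nil, ErrMAC
	}
	return dec[:n], nil
}

// AEAD instead (AES-GCM here; ChaCha20-Poly1305 has the same interface): the
// cleartext header is authenticated as associated data, nothing is padded, and
// every kind of tampering produces one and the same verdict.
func gcm() cipher.AEAD                           { g, _ := cipher.NewGCM(blk()); return g }
func AeadSeal(header, pt []byte) []byte          { return gcm().Seal(nil, nonce, pt, header) }
func AeadOpen(header, ct []byte) ([]byte, error) { return gcm().Open(nil, nonce, ct, header) }

// Probe plays the attacker: it sets one ciphertext byte to every value and
// counts how rejections split between "bad padding" and everything else.
func Probe(open func([]byte) ([]byte, error), msg []byte, idx int) (padding, other int) {
	for x := 0; x < 256; x++ {
		m := append([]byte{}, msg...)
		m[idx] = byte(x)
		if _, err := open(m); err == ErrPadding {
			padding++
		} else if err != nil {
			other++
		}
	}
	return
}

func main() {
	header, pt := []byte{0x53, 0x01, 0x00, 0x0d}, []byte("unlock door 7") // constructed frame
	mte := MteSeal(pt)
	// The last byte of the penultimate block XORs into the padding-length byte.
	fmt.Println(Probe(MteOpen, mte, len(mte)-aes.BlockSize-1)) // 254 1
	ct := AeadSeal(header, pt)
	fmt.Println(Probe(func(m []byte) ([]byte, error) { return AeadOpen(header, m) }, ct, 0)) // 0 255
	_, err := AeadOpen([]byte{0x53, 0x02, 0x00, 0x0d}, ct) // header changed in transit
	fmt.Println(err != nil)                                // true
}
```

The 254/1 split is the whole problem: 254 of the 255 corrupted messages are refused as bad padding and exactly one (the byte that decrypts to 0x01) gets as far as the MAC, so a receiver that reports or times the two differently hands the attacker a bit per query. Against the AEAD receiver every corrupted message is rejected with the same error, and changing a byte of the header, which travels in the clear, is caught as well because it was fed to Seal and Open as associated data. The same fix applies to the CBC+HMAC design without changing primitives: tag header||IV||ciphertext, verify first, and only then decrypt, so the padding check never sees bytes the key holder did not produce.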

AnimalMuppet 6 hours ago

Sounds more like weapons-grade arrogance on the part of the dad, and the kid believed it.

dist-epoch 6 hours ago

Except these kinds of secure apps are never broken by attacking the encryption, but by just infiltrating/seizing the servers.

loup-vaillant 6 hours ago

For this one, however, this seems to be the case? The wording of the article isn't crystal clear, but it looks like the cops took control of the servers and decrypted messages from there. So either the messages weren't truly end-to-end encrypted, or the encryption truly was broken.