Comment by upofadown
14 hours ago
In a very real sense you do need access to the device to install the backdoored client.
There is no actual cryptographic weakness presented here...
14 hours ago
In a very real sense you do need access to the device to install the backdoored client.
There is no actual cryptographic weakness presented here...
went through it again, you are right, network access alone isn't enough. It's more about installing a third party app (like telegram desktop or modified version from the store if intervened by the government or any other 3d party)
but the protocol itself does not look reliable, since encoding 85% of messages is quite easy once you change your message padding a bit according to the paper unlike what's used in signal
I am sure that there are a zillion ways to leak information in Signal if you can hack the client. This sort of thing is normally assumed in threat models.