maqp commented on Why you should delete WhatsApp and install Signal   andrewsteele.co.uk/blog/2... · Posted by u/ColinWright
upofadown · a month ago
>Except undetectable MITM attacks.

OK, an attacker creates two keypairs with the same fingerprint. How specifically can that attacker use those colliding fingerprints to do a MITM attack? Anything I can think of involves revealing one of the private keys to someone else and having them use that private key as their own.

maqp · a month ago
So it goes something like this:

1. Attacker does TLS-MITM with a rogue certificate to replace the public key of user B on their website with the attacker's public key in real time.

2. A gets the MITM attacker's public key instead.

3. A sends introductory message containing their public key.

4. MITM replaces A's public key with one of theirs with a colliding fingerprint.

5. MITM keeps reading messages in between.

Later when they meet and compare public key fingerprints, they won't detect the attack.

This makes a lot of assumptions, but it's merely complex in terms of number of steps. It's not computationally infeasible.

Also, a better attack is of course to just hack the endpoints and exfiltrate private keys and passively read all messages, since PGP lacks forward secrecy, and since that has, according to Snowden, been happening for over 10 years, it's probably the modern approach. Much less noisy.

maqp commented on 15 Years of Building Jefit   jefit.com/our-story... · Posted by u/jasong
FredPret · a month ago
You joke but this is exactly what I'm talking about.

This channel must have hundreds of hours of content, and I'm sure much of it is good, but I don't have hundreds of hours.

Instead, I will send hundreds of dollars to some trusted person to distill hundreds of hours into an app or something that I can use immediately.

maqp · a month ago
No, I did not joke. If you bother to open one of the playlists I referred to, you can find e.g. 10 rear delt exercises demonstrated in under-15-second videos with extremely good tldr advice.

https://www.youtube.com/watch?v=34gVHrkaiz0&list=PLyqKj7LwU2...

Mike Israetel who runs the channel is in the top-5 in scientific body building circles.

And you can get those same videos in their app https://rpstrength.com/pages/hypertrophy-app

Personally I'd use Jefit or Hevy over RP, but the point stands.

maqp commented on 15 Years of Building Jefit   jefit.com/our-story... · Posted by u/jasong
FredPret · a month ago
Conversely, a tidal flood of free content, much of which is low quality, can motivate a consumer to shell out $$$ for something that's more curated, limited, and has a guaranteed lower limit on quality.

I know because I've done this many times in many contexts, with everything from fitness apps to programming courses to buying the latest fiction books. With all of these, there are multiple lifetimes' worth of free, good content out there, but good luck mining the nuggets out from the thick layer of slop.

maqp · a month ago
Yup, I have no idea what the point is of a gazillion YouTube shorts on exercises that already have perfectly good tutorials by experienced people.

E.g., https://www.youtube.com/@RenaissancePeriodization/playlists has ridiculously good per-body-part demonstration playlists if you scroll down a bit.

maqp commented on 15 Years of Building Jefit   jefit.com/our-story... · Posted by u/jasong
oldpersonintx2 · a month ago
youtube is FLOODED with free fitness content, I mean, you could work out for five years and never see the same video twice

it's all evergreen - crunches from five years ago are just as good today

everyone I know who worked as a personal trainer has moved out of the industry

endless free resources out there

and then the content connected to devices like Peloton etc

not sure how you can make a buck in this business

want to track your progress? look in the mirror or guesstimate

maqp · a month ago
Jefit isn't about video tutorials, but about keeping track of your progress in specific exercises, and performing the correct amount of volume to progress but not over-train, a thing that becomes harder when you advance and your progress starts to slow down. At that point avoiding stagnation requires a lot more optimization, and an app that can show incremental progress in bench is more motivating than looking in the mirror and seeing very small changes. Also, for powerlifters the mirror is a poor tool since it's not about hypertrophy and body shape.

maqp commented on Why you should delete WhatsApp and install Signal   andrewsteele.co.uk/blog/2... · Posted by u/ColinWright
upofadown · a month ago
>To avoid a situation where someone generates a key with matching fingerprint...

That would be a preimage attack. No one knows how to do that with SHA-1. The best you could do would be to generate two different keypairs with the same fingerprint. That doesn't have any security implications. ... which is lucky, otherwise we would need unusably long fingerprints in the 256 bit range. Note that Signal effectively only has 100 bits per identity for the key fingerprint (they combine two identities to make the 60 decimal digit safety number). Using a birthday attack, generating a collision would only involve 2^50 operations, which is practically feasible.

maqp · a month ago
>That would be a preimage attack.

My bad, you're right about the terminology.

>The best you could do would be to generate two different keypairs with the same fingerprint. That doesn't have any security implications.

Except undetectable MITM attacks.

If you're encrypting with an adversary's keys that you think are valid because the attacker's keys' fingerprint matches what you're expecting, you're going to have a bad time. PGP's main use case is of course the use of pinned long-term keys, but nation states won't mind swapping values during TLS MITM access if they can. (Which is why E2EE is a thing.)

>Note that Signal effectively only has 100 bits per identity for the key fingerprint (they combine two identities to make the 60 decimal digit safety number)

Thanks I learned something new today.

"However, there are some more advanced use cases which per-conversation safety numbers might not provide for (such as Charlie verifying Alice’s fingerprint by checking with Bob), so we designed the safety number format to be a sorted concatenation of two 30-digit individual numeric fingerprints. Advanced users that would like to use fingerprints for more complex use cases can separate the two fingerprints from the safety number if necessary." https://signal.org/blog/safety-number-updates/
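
Worked example, added here and not part of the thread or of Signal's code: it turns the numbers in the two posts above into code. It computes the entropy of a 30-digit fingerprint (about 100 bits) and the birthday bound upofadown quotes (about 2^50 hash evaluations), splits and joins a 60-digit safety number using the sorted-concatenation format from the Signal blog post quoted above, and runs a toy birthday search on SHA-1 truncated to 24 bits to show why short identifiers (like the 32-bit PGP key IDs mentioned later in this thread) collide cheaply while 100-bit fingerprints do not. The sample fingerprints are constructed values; the real Signal fingerprint derivation (an iterated hash over the identity key) is not implemented here.

```python
import hashlib
import math
import random

FINGERPRINT_DIGITS = 30  # one per-identity numeric fingerprint, per the Signal blog post quoted above
SAFETY_NUMBER_DIGITS = 2 * FINGERPRINT_DIGITS


def fingerprint_bits(digits: int = FINGERPRINT_DIGITS) -> float:
    """Entropy, in bits, of a decimal fingerprint of the given length: log2(10^digits)."""
    return digits * math.log2(10)


def birthday_log2_work(bits: float) -> float:
    """log2 of the expected number of hash evaluations before two random inputs collide on
    `bits` bits of output: sqrt(pi/2 * 2^bits). A second-preimage search needs ~2^bits instead."""
    return bits / 2 + math.log2(math.sqrt(math.pi / 2))


def split_safety_number(safety_number: str) -> tuple[str, str]:
    """Split a 60-digit safety number into its two 30-digit per-identity fingerprints.
    The two halves are concatenated in sorted order, so the split is unambiguous."""
    digits = safety_number.replace(" ", "")
    if len(digits) != SAFETY_NUMBER_DIGITS or not digits.isdigit():
        raise ValueError("a safety number is 60 decimal digits")
    first, second = digits[:FINGERPRINT_DIGITS], digits[FINGERPRINT_DIGITS:]
    if first > second:
        raise ValueError("halves are not in sorted order; not a well-formed safety number")
    return first, second


def join_safety_number(fp_a: str, fp_b: str) -> str:
    """Build the shared safety number from two per-identity fingerprints (sorted concatenation),
    so both parties compute the same 60 digits regardless of who is 'first'."""
    return "".join(sorted((fp_a, fp_b)))


def truncated_sha1(key: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-1(key), the way a short key ID keeps only part of a fingerprint."""
    return int.from_bytes(hashlib.sha1(key).digest(), "big") >> (160 - bits)


def truncated_sha1_collision(bits: int, seed: int = 1) -> tuple[int, bytes, bytes]:
    """Toy birthday search over random 32-byte 'public keys' (constructed, not real keys).
    Returns (trials, key_a, key_b) with key_a != key_b but equal truncated fingerprints.
    Only feasible for small `bits`; the trial count grows like 2^(bits/2)."""
    rng = random.Random(seed)
    seen: dict[int, bytes] = {}
    trials = 0
    while True:
        key = rng.getrandbits(256).to_bytes(32, "big")
        trials += 1
        digest = truncated_sha1(key, bits)
        other = seen.get(digest)
        if other is not None and other != key:
            return trials, other, key
        seen[digest] = key


if __name__ == "__main__":
    bits = fingerprint_bits()
    print(f"30 decimal digits = {bits:.2f} bits; birthday work ~ 2^{birthday_log2_work(bits):.1f}")
    fp_alice, fp_bob = "12345" * 6, "09876" * 6  # constructed sample fingerprints
    sn = join_safety_number(fp_alice, fp_bob)
    print("safety number:", sn, "->", split_safety_number(sn))
    trials, a, b = truncated_sha1_collision(24)
    print(f"24-bit collision after {trials} trials (expected ~{2 ** birthday_log2_work(24):.0f})")
```

The same search at 100 bits would need on the order of 2^50 evaluations, which is exactly the "practically feasible" figure in the post above, and at 160 or 256 bits it is out of reach; the point of the toy run is to see the 2^(bits/2) scaling with your own eyes.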

maqp commented on Why you should delete WhatsApp and install Signal   andrewsteele.co.uk/blog/2... · Posted by u/ColinWright
upofadown · a month ago
>Take OpenPGP v5 fingerprints that are still, 15 years after SHA-1 was considered weak, not available in gpg, if at all.

Assuming you mean V5 PGP keys. There are 2 proposed key formats due to the standards fork which actually supports your argument. But since there is no actual weakness, it is safe to just stick with what people have been using since forever.

SHA-1 is only broken for collisions. Fingerprints do not require collision resistance. PGP used to use only 32 bits of the SHA-1 hash for the short form of the fingerprint. That became problematic because they could be straight up forged from an existing fingerprint so now 64 bits are used. Such fingerprints are trivially collidable simply because of the length. But, again, that is not an issue. You have to look at the security of the system when evaluating things like this, not just looking for particular primitives.

>You're also not proposing a solution so I take it you're advocating for Matrix.

Yeah, fans tend to assume that everyone is a fan of something... Just saying...

maqp · a month ago
>Fingerprints do not require collision resistance.

That's what they're literally there for. To avoid a situation where someone generates a key with matching fingerprint, and the person importing the key doesn't detect it's a forgery.

>Yeah, fans tend to assume that everyone is a fan of something... Just saying...

Yeah I'm a fan of adequate computational headroom where it doesn't cost anything.

maqp commented on Why you should delete WhatsApp and install Signal   andrewsteele.co.uk/blog/2... · Posted by u/ColinWright
brikym · a month ago
In Signal I miss 'send without sound' which Telegram has. Sometimes I want to send something unimportant and not disturb the recipient.

maqp · a month ago
It's the responsibility of the recipient to mute their phone when it's unpleasant/awkward for them to have their phone make noises.

maqp commented on Why you should delete WhatsApp and install Signal   andrewsteele.co.uk/blog/2... · Posted by u/ColinWright
Kwpolska · a month ago
How do you prove that the Signal app you download from the Play Store is compiled from the source code on GitHub?

maqp · a month ago
Pull the APK from your phone with apktool. Compile Signal reproducibly with their instructions. Use the diff.py tool they provide and check for the message that confirms the APKs match.

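
The comparison step in the reply above, as an added example that is not Signal's own diff tool: an APK is a zip file, so "the APKs match" means every entry has the same bytes on both sides, with only the signature files under META-INF/ allowed to differ between the store-signed build and an unsigned local build. The script below builds three constructed stand-in APKs in a temporary directory (a "store" build with signature files, a "local" build without them, and a tampered build with one changed byte in classes.dex) and reports which entries differ; point `compare_apks` at two real files to use it for the check the reply describes.

```python
import hashlib
import os
import tempfile
import zipfile

# Entries that legitimately differ between a store-signed APK and a locally built one:
# the signing block files. Everything else must match byte for byte.
SIGNATURE_PREFIX = "META-INF/"
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF", "MANIFEST.MF")


def is_signature_entry(name: str) -> bool:
    return name.startswith(SIGNATURE_PREFIX) and name.endswith(SIGNATURE_SUFFIXES)


def entry_digests(apk_path: str) -> dict[str, str]:
    """SHA-256 of every non-signature, non-directory entry inside the APK."""
    with zipfile.ZipFile(apk_path) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info.filename)).hexdigest()
            for info in zf.infolist()
            if not info.is_dir() and not is_signature_entry(info.filename)
        }


def compare_apks(apk_a: str, apk_b: str) -> dict[str, list[str]]:
    """Entries present on only one side, and entries present on both but with different bytes.
    All three lists empty means the two APKs match apart from signatures."""
    a, b = entry_digests(apk_a), entry_digests(apk_b)
    return {
        "only_in_a": sorted(set(a) - set(b)),
        "only_in_b": sorted(set(b) - set(a)),
        "differ": sorted(n for n in set(a) & set(b) if a[n] != b[n]),
    }


def apks_match(apk_a: str, apk_b: str) -> bool:
    return not any(compare_apks(apk_a, apk_b).values())


def write_fake_apk(path: str, entries: dict[str, bytes]) -> str:
    """Constructed stand-in for a real APK: a zip with the given entries (not real dex/arsc data)."""
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return path


def demo() -> tuple[bool, bool, list[str]]:
    """Store build (signed) vs. local reproducible build (unsigned), then vs. a tampered build."""
    base = {
        "AndroidManifest.xml": b"<manifest package='org.example.app'/>",
        "classes.dex": b"dex\n035\x00" + b"\x00" * 64,
        "resources.arsc": b"\x02\x00\x0c\x00" + b"\x00" * 16,
    }
    signature = {
        "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
        "META-INF/CERT.SF": b"Signature-Version: 1.0\n",
        "META-INF/CERT.RSA": b"\x30\x82" + b"\x00" * 32,
    }
    with tempfile.TemporaryDirectory() as tmp:
        store = write_fake_apk(os.path.join(tmp, "store.apk"), {**base, **signature})
        local = write_fake_apk(os.path.join(tmp, "local.apk"), base)
        tampered_entries = dict(base, **{"classes.dex": base["classes.dex"] + b"\x90"})
        tampered = write_fake_apk(os.path.join(tmp, "tampered.apk"), tampered_entries)
        return (
            apks_match(store, local),
            apks_match(store, tampered),
            compare_apks(store, tampered)["differ"],
        )


if __name__ == "__main__":
    print(demo())  # (True, False, ['classes.dex'])
```

Because the signature files are excluded rather than ignored silently, a build that adds or removes anything outside META-INF/ still shows up in `only_in_a` / `only_in_b`; excluding them is what makes it possible to compare a signed store download against an unsigned local build at all.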
maqp commented on Why you should delete WhatsApp and install Signal   andrewsteele.co.uk/blog/2... · Posted by u/ColinWright
tcfhgj · a month ago
The point of e2ee is already lost anyways.

What does E2EE potentially give you? A promise, which does not involve trusting the service provider, that messages can only be read by the recipient.

What does making the app closed source take from you? The freedom of requiring trusting the service provider = facebook

maqp · a month ago
"What does making the app closed source take from you? The freedom of requiring trusting the service provider = facebook"

It does change the requirement of collection.

It's no longer "Well all this data is rolling in, what shall we do with it".

It's "Hey, if we commit THREE BILLION FELONIES by backdooring every one of our users' encryption, we can access all that data".

Surely you realize that's a leap.

maqp commented on Why you should delete WhatsApp and install Signal   andrewsteele.co.uk/blog/2... · Posted by u/ColinWright
upofadown · a month ago
>Crucially, it's run by a nonprofit organisation...

Sure, but for all we know it is a wholly owned subsidiary of the CIA. See Crypto AG[1].

>...if we all start to do this, it will mean more people are on Signal, hopefully gradually making it more attractive to move across!

Signal is controlled by a single entity and is not federated. So it is only a matter of time before things fall apart. So it is not a good idea to promote it as some sort of messaging standard.

I mean, Signal is OK and is a fine replacement for WhatsApp, but all these rabid expressions of Signal fandom are starting to get annoying.

[1] https://en.wikipedia.org/wiki/Crypto_AG

maqp · a month ago
>Sure, but for all we know it is a wholly owned subsidiary of the CIA. See Crypto AG[1].

This is such a sad propaganda tactic.

Signal's client is 100% open source. The Android client has reproducible builds. You can verify yourself that the cryptographic primitives are used and function correctly, with test vectors.

E.g., here are those for the key exchange X25519: https://datatracker.ietf.org/doc/html/rfc7748

Here are the test vectors for AES: https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algo...

>Signal is controlled by a single entity and is not federated. So it is only a matter of time before things fall apart.

It's backed by the Signal Foundation and donations, and it doesn't suffer from the bikeshedding bigger federated systems struggle with. Take OpenPGP v5 fingerprints that are still, 15 years after SHA-1 was considered weak, not available in gpg, if at all. Federated systems and standards bodies with disengaged management are easy to subvert from the inside with tactics like these: https://www.404media.co/declassified-cia-guide-to-sabotaging...

>So it is not a good idea to promote it as some sort of messaging standard.

The protocol isn't a standard, but its security properties are the gold standard. That's why it's being used in most networked TCB apps that take their security as seriously as they can.

You're also not proposing a solution so I take it you're advocating for Matrix.
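
What "function correctly with test vectors" looks like in practice, as an added example that is neither Signal's code nor the RFC's reference implementation: the X25519 Montgomery ladder from RFC 7748 section 5 written out in plain Python (variable-time big-integer arithmetic, so it is suitable for checking and not for production use) and run against the test vectors copied from sections 5.2 and 6.1 of that RFC. A wrong constant, a swapped sign or a mis-clamped scalar anywhere in the arithmetic makes the checks fail.

```python
P = 2 ** 255 - 19   # field prime for Curve25519
A24 = 121665        # (A - 2) / 4 for the Montgomery curve constant A = 486662


def _cswap(swap: int, a: int, b: int) -> tuple[int, int]:
    # Conditional swap as in the RFC pseudo-code; not constant-time here, fine for a test harness.
    return (b, a) if swap else (a, b)


def decode_scalar(k: bytes) -> int:
    """Clamp and decode a 32-byte X25519 scalar (RFC 7748 section 5)."""
    b = bytearray(k)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")


def decode_u(u: bytes) -> int:
    b = bytearray(u)
    b[31] &= 127  # the top bit of the final byte is ignored on input
    return int.from_bytes(b, "little")


def encode_u(u: int) -> bytes:
    return (u % P).to_bytes(32, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """Scalar multiplication k * u on Curve25519 via the RFC 7748 section 5 ladder."""
    k_int, x_1 = decode_scalar(k), decode_u(u)
    x_2, z_2, x_3, z_3, swap = 1, 0, x_1, 1, 0
    for t in range(254, -1, -1):
        k_t = (k_int >> t) & 1
        swap ^= k_t
        x_2, x_3 = _cswap(swap, x_2, x_3)
        z_2, z_3 = _cswap(swap, z_2, z_3)
        swap = k_t
        a = (x_2 + z_2) % P
        aa = a * a % P
        b = (x_2 - z_2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x_3 + z_3) % P
        d = (x_3 - z_3) % P
        da = d * a % P
        cb = c * b % P
        x_3 = (da + cb) ** 2 % P
        z_3 = x_1 * ((da - cb) ** 2) % P
        x_2 = aa * bb % P
        z_2 = e * (aa + A24 * e) % P
    x_2, x_3 = _cswap(swap, x_2, x_3)
    z_2, z_3 = _cswap(swap, z_2, z_3)
    return encode_u(x_2 * pow(z_2, P - 2, P))


BASEPOINT = (9).to_bytes(32, "little")

# Test vectors copied from RFC 7748 section 5.2 (vector 1) and section 6.1 (Diffie-Hellman).
SCALAR_MULT_VECTOR = {
    "scalar": "a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
    "u_in": "e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c",
    "u_out": "c3da55379de9c6908e94ea4df28d084f32eccf03491c71f754b4075577a28552",
}
DH_VECTOR = {
    "alice_priv": "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a",
    "alice_pub": "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a",
    "bob_priv": "5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb",
    "bob_pub": "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f",
    "shared": "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742",
}


def check_scalar_mult_vector() -> bool:
    v = SCALAR_MULT_VECTOR
    return x25519(bytes.fromhex(v["scalar"]), bytes.fromhex(v["u_in"])).hex() == v["u_out"]


def check_dh_vector() -> bool:
    """Both public keys must match the RFC, and both sides must derive the same shared secret."""
    v = DH_VECTOR
    a, b = bytes.fromhex(v["alice_priv"]), bytes.fromhex(v["bob_priv"])
    alice_pub, bob_pub = x25519(a, BASEPOINT), x25519(b, BASEPOINT)
    shared_alice, shared_bob = x25519(a, bob_pub), x25519(b, alice_pub)
    return (alice_pub.hex() == v["alice_pub"] and bob_pub.hex() == v["bob_pub"]
            and shared_alice.hex() == shared_bob.hex() == v["shared"])


if __name__ == "__main__":
    print("RFC 7748 5.2 vector:", check_scalar_mult_vector())
    print("RFC 7748 6.1 DH vector:", check_dh_vector())
```

The same approach applies to any primitive with published vectors: feed the inputs the standard gives, compare the bytes you get against the bytes the standard gives, and treat any mismatch as a stop-ship bug rather than something to explain away.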
