zlacker

[parent] [thread] 8 comments
1. angott+(OP)[view] [source] 2020-06-05 03:32:45
The first step would probably involve getting a PhD in cryptography...
replies(2): >>bawolf+b4 >>jhoech+2e
2. bawolf+b4[view] [source] 2020-06-05 04:30:47
>>angott+(OP)
There's a lot more than just crypto. Its much more common for systems to fail in the supporting code then it is for the crypto to be wrong. So first step is probably learn reverse engineering and verify the crypto is being used correctly.

Then after that get a phd in cryptography.

replies(1): >>colord+7c
◧◩
3. colord+7c[view] [source] [discussion] 2020-06-05 06:17:28
>>bawolf+b4
The source code is available.
replies(4): >>bawolf+lc >>antpls+AG >>nautil+XH >>sadfkl+hJ
◧◩◪
4. bawolf+lc[view] [source] [discussion] 2020-06-05 06:19:50
>>colord+7c
Fair enough. The point still stands you should do normal source code auditing before worrying about the crypto aspects.
5. jhoech+2e[view] [source] 2020-06-05 06:39:17
>>angott+(OP)
I file that under snarky comment.

Certainly not required. A PhD will teach you a lot about methodology but not necessarily the technical details required and involved in secure multi-party or P2P messaging.

◧◩◪
6. antpls+AG[view] [source] [discussion] 2020-06-05 11:57:25
>>colord+7c
Great. So now, you need a Software Engineering degree AND a cryptography PhD
◧◩◪
7. nautil+XH[view] [source] [discussion] 2020-06-05 12:09:43
>>colord+7c
Ugh...now I have to get a phd in "source code" too??
◧◩◪
8. sadfkl+hJ[view] [source] [discussion] 2020-06-05 12:20:28
>>colord+7c
Unless the build is reproducible it would be smart for a paranoid person to use the published source code only as a comparison with the decompiled app.
replies(1): >>sigmar+H01
◧◩◪◨
9. sigmar+H01[view] [source] [discussion] 2020-06-05 14:09:32
>>sadfkl+hJ
The build is reproducible: https://github.com/signalapp/Signal-Android/blob/master/Repr...
[go to top]