zlacker

[parent] [thread] 6 comments
1. bawolf+(OP)[view] [source] 2020-06-05 04:30:47
There's a lot more than just crypto. Its much more common for systems to fail in the supporting code then it is for the crypto to be wrong. So first step is probably learn reverse engineering and verify the crypto is being used correctly.

Then after that get a phd in cryptography.

replies(1): >>colord+W7
2. colord+W7[view] [source] 2020-06-05 06:17:28
>>bawolf+(OP)
The source code is available.
replies(4): >>bawolf+a8 >>antpls+pC >>nautil+MD >>sadfkl+6F
◧◩
3. bawolf+a8[view] [source] [discussion] 2020-06-05 06:19:50
>>colord+W7
Fair enough. The point still stands you should do normal source code auditing before worrying about the crypto aspects.
◧◩
4. antpls+pC[view] [source] [discussion] 2020-06-05 11:57:25
>>colord+W7
Great. So now, you need a Software Engineering degree AND a cryptography PhD
◧◩
5. nautil+MD[view] [source] [discussion] 2020-06-05 12:09:43
>>colord+W7
Ugh...now I have to get a phd in "source code" too??
◧◩
6. sadfkl+6F[view] [source] [discussion] 2020-06-05 12:20:28
>>colord+W7
Unless the build is reproducible it would be smart for a paranoid person to use the published source code only as a comparison with the decompiled app.
replies(1): >>sigmar+wW
◧◩◪
7. sigmar+wW[view] [source] [discussion] 2020-06-05 14:09:32
>>sadfkl+6F
The build is reproducible: https://github.com/signalapp/Signal-Android/blob/master/Repr...
[go to top]