top | item 46086541 (no title) fylo | 3 months ago Any reference to the trivial mitm attacks which signal has suffered? discuss order hn newest upofadown|3 months ago This is mostly about the usability issues that make such attacks work so well on Signal:https://www.ndss-symposium.org/wp-content/uploads/2018/03/09...This adds some detail about how Signal can do MITM attacks:https://sequoia-pgp.org/blog/2021/06/28/202106-hey-signal-gr...Some of the details might of changed since publication. My current understanding is that Signal doesn't even bring up the idea of identity verification if a user has not previously done it. So if anything, things have gotten worse.
upofadown|3 months ago This is mostly about the usability issues that make such attacks work so well on Signal:https://www.ndss-symposium.org/wp-content/uploads/2018/03/09...This adds some detail about how Signal can do MITM attacks:https://sequoia-pgp.org/blog/2021/06/28/202106-hey-signal-gr...Some of the details might of changed since publication. My current understanding is that Signal doesn't even bring up the idea of identity verification if a user has not previously done it. So if anything, things have gotten worse.
upofadown|3 months ago
https://www.ndss-symposium.org/wp-content/uploads/2018/03/09...
This adds some detail about how Signal can do MITM attacks:
https://sequoia-pgp.org/blog/2021/06/28/202106-hey-signal-gr...
Some of the details might of changed since publication. My current understanding is that Signal doesn't even bring up the idea of identity verification if a user has not previously done it. So if anything, things have gotten worse.