A bit more on Twitter/X's new encrypted messaging
Matthew Garrett has a nice post about Twitter (uh, X)’s new end-to-end encryption messaging protocol, which is now called XChat. The TL;DR of Matthew’s post is that from a cryptographic…
A six-digit PIN provides at most 2²⁰ security, which is what cryptographers call “a pretty small number.” Even if you use a “hard” key derivation function like scrypt or Argon2 with insane difficulty settings, you’re still probably going to lose your data. Unless and until X proves that they’re using HSMs (and have destroyed all programming cards) you should just assume that their Juicebox instantiation is based on software realms under X’s control, and that means it is likely vulnerable to brute-force password-guessing attacks. Critically, when the counter reaches some maximum (usually ten incorrect attempts), the server must lock the user’s account — or much better, delete the account-specific key K. This is what prevents attackers from systematically guessing their way through every possible PIN.
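The guess counter described above, as an added example that is not code from the post, from X or from Juicebox. The class and function names are hypothetical, and PBKDF2 stands in for scrypt or Argon2 so that only the Python standard library is needed.

```python
import hashlib, hmac, secrets

MAX_ATTEMPTS = 10        # "usually ten incorrect attempts", per the text
PIN_SPACE = 10 ** 6      # every six-digit PIN, just under 2**20

def _tag(pin: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2 as a stand-in for the "hard" KDF (scrypt/Argon2).
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 10_000)

class GuessLimitedRealm:
    """Hypothetical server-side realm holding one account-specific key K per user."""
    def __init__(self):
        self._accounts = {}

    def register(self, user: str, pin: str) -> bytes:
        salt, key = secrets.token_bytes(16), secrets.token_bytes(32)
        self._accounts[user] = {"salt": salt, "tag": _tag(pin, salt),
                                "key": key, "misses": 0}
        return key

    def recover(self, user: str, pin: str):
        acct = self._accounts[user]
        if acct["key"] is None:
            raise PermissionError("K was deleted after too many wrong PINs")
        if hmac.compare_digest(_tag(pin, acct["salt"]), acct["tag"]):
            acct["misses"] = 0
            return acct["key"]
        acct["misses"] += 1
        if acct["misses"] >= MAX_ATTEMPTS:
            acct["key"] = None   # delete K: no later guess can succeed
        return None

def online_guess_success_probability() -> float:
    # Best case for a guesser when the counter is enforced: MAX_ATTEMPTS tries.
    return MAX_ATTEMPTS / PIN_SPACE

def exhaustive_search_seconds(kdf_seconds_per_guess: float) -> float:
    # Worst-case time to test every PIN when nothing enforces the counter.
    return PIN_SPACE * kdf_seconds_per_guess

if __name__ == "__main__":
    print("enforced counter:", online_guess_success_probability())
    print("no counter, 1 s per guess:", exhaustive_search_seconds(1.0) / 86400, "days")
```

The protection comes entirely from whoever enforces the counter: with it, a guesser gets ten tries out of a million; without it, even a KDF costing a full second per guess is exhausted in under twelve days on a single core.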