> On Dec 9, 2024, at 19:30, Dianne Skoll via linux <[email protected]>
> wrote:
>
> Hmm... https://en.wikipedia.org/wiki/Viber#Security_audit
>
> "In May 2016, Viber published an overview of their encryption
> protocol, saying that it is a custom implementation..."
>
> This gives me pause.
>
Agreed. Custom crypto is usually a really bad idea. Cryptography is hard enough
to get right even with lots of public analysis.
> If there is some sort of communication that you want to be protected
> from interception by a nation-state, then this is my recommendation:
>
> Do not communicate it electronically.
>
Rubber hose decryption works very well to extract keys and secrets. If you have
a real secret. Don’t tell anyone.
Traffic pattern analysis tells the TLA tons. They don’t need to see the
content. They can always plant some bugs on your computer or in your residence
if they are curious about you. Companies like GOOG and FB I am pretty sure does
traffic pattern analysis on their email/message traffic. None of you use Gmail
or WhatsApp, right?
/sc
To unsubscribe send a blank message to [email protected]
To get help send a blank message to [email protected]
To visit the archives: https://lists.linux-ottawa.org
