WhatsApp, which uses it for encrypted client-to-server communication, and WireGuard®, which uses it for establishing Virtual Private Network (VPN) connections. Noise-based protocols are already in use in e.g. More precisely, the application of Noise will only change a part of Tox handshake - the so-called Authenticated Key Exchange (AKE). As a solution, there is a framework called Noise Protocol Framework (Noise, ) which can be used to create a new handshake for Tox. The current Tox handshake implementation is not state-of-the-art in cryptography and it also breaks the “ do not roll your own crypto” principle. In summary, KCI is exploitable, but with a huge effort.Īnyway, this is a real vulnerability and it should be fixed. There is no public exploit available which can just be used.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |