GithubHelp home page GithubHelp logo

Insecure RSA key exchange about netchat HOT 6 OPEN

Antricks avatar Antricks commented on August 16, 2024
Insecure RSA key exchange

from netchat.

Comments (6)

Antricks avatar Antricks commented on August 16, 2024 1

I think I'll need to study this here: https://signal.org/docs/
At the moment our system is totally scuffed and should not be trusted. How did I think this was a working solution.
My monkey brain probably went like "Ooh ooh ahh ahh SSH use RSA - RSA secure as fuck"

from netchat.

Antricks avatar Antricks commented on August 16, 2024

TLS without using a trusted third party would have the same problem.

from netchat.

Antricks avatar Antricks commented on August 16, 2024

The server could be evil too, as it controls the public RSA keys of other users. It would be extremely easy to craft a server that MITMs the RSA keys and thus would break "end to end encryption".

from netchat.

Antricks avatar Antricks commented on August 16, 2024

But that's what this project is for - me learning how stupid I am when it comes to crypto...
Hopefully, we'll get to something that can at least kind of be trusted in the future.

from netchat.

Antricks avatar Antricks commented on August 16, 2024

Here's more material to read: https://security.stackexchange.com/questions/237263/rsa-key-exchange

from netchat.

Antricks avatar Antricks commented on August 16, 2024

Also what if the RSA private key gets leaked somehow? At the moment I'm using the same key pair for ID and for encryption. This is brutally wrong. We'll need some kind of rekeying. I wonder how OpenSSH does that though... I mean they pretty much have the same problem as we have when it comes to leaked private rsa keys. Their files seem to be named id_rsa for some good reason. Time to deep dive into OpenSSH's encryption too...

from netchat.

Related Issues (1)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.