The Citizen Lab: An analysis of WeChat’s network protocol MMTLS finds that it is a modified version of TLS 1.3 and WeChat developers’ changes to its cryptography add weaknesses  —  Key contributions  — We performed the first public analysis of the security and privacy properties of MMTLS …

  • noride@lemm.ee
    link
    fedilink
    English
    arrow-up
    10
    ·
    27 days ago

    I found that to be a really good read. I have to say though, none of the design decisions read like mistakes if you consider that perhaps the encryption is ment to be reversible by WeChat.

    They call the fact that WeChat generates the client encryption keys server side “highly unusual”, instead of the obvious, which is they found an easy way to keep prying eyes out of their protocol, while still giving themselves complete decryption control.