klzgrad
commented
1 week ago It's not new that apps in the Chinese circumvention ecosystem also fail to adopt cryptographic best practices, opting instead to invent their own, often problematic systems.
Open immartian opened 1 week ago
klzgrad
commented
1 week ago It's not new that apps in the Chinese circumvention ecosystem also fail to adopt cryptographic best practices, opting instead to invent their own, often problematic systems.
https://citizenlab.ca/2024/10/should-we-chat-too-security-analysis-of-wechats-mmtls-encryption-protocol/
Great work, Citizen Lab team. While these findings aren't entirely new, your strong assertion is particularly noteworthy:
It wouldn't be surprising to see MMTLS undergo major overhauls in the future, but the question is whether such corrections will come proactively or only after a serious incident.