Moxie's "unbreakable" end-to-end communication protocol.
Lol, so like ... all encryption schemes since the 70s?
Hashing is not encrypting.
You can learn more about the topic here, https://www.okta.com/identity-101/hashing-vs-encryption/
Load this page, https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Ctrl-F "hash". No mention of it.
Before being pedantic at least check out the url in that comment to get the basics going.
You're correct that a pure encryption algorithm doesn't use hashing. But real-world encryption systems will include an HMAC to detect whether messages were altered in transit. HMACs do use hash functions.
> Hashing is not encrypting.
> You can learn more about the topic here, https://www.okta.com/identity-101/hashing-vs-encryption/
Thank you for that link. Your original comment implied that Signal's threat model should have included an attacker-controlled end. The only way to do that is to make decryption impossible by anyone, including the intended recipient. A labyrinthine way to do that would be to substitute the symmetric-encryption algorithm with a hash algorithm, which of course destroys the plaintext, but does accomplish the goal of obfuscating it in transit, at rest, and forever.
> It's just a demo instance, but, these front ends are barely revealed to the public
This genuinely doesn't look any different from the control panels of commercial infostealers and RATs sold on Russian hacking forums. Those usually sell for between $200 and $20,000 depending on features and pricing model (one-time vs. ongoing subscription).
These spyware companies hype themselves up, but they're really not any different from Ivan's RAT-as-a-Service, besides having extra exploits to burn and wealthier customers.
recursivecaveat•1h ago
phendrenad2•1h ago