Threema Audit: Messenger Threema resists security check (almost) without incidents

Discussion in 'privacy technology' started by guest, Apr 3, 2019.

  1. guest

    guest Guest

    Threema Audit: Messenger Threema resists security check (almost) without incidents
    New Threema audit
    March 28, 2019

    https://threema.ch/en/blog/posts/audit19en
    Security Audit Report - Threema 2019 (PDF - 975 KB): https://threema.ch/press-files/2_documentation/security_audit_report_threema_2019.pdf
     
  2. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    They claim to only use PFS on the transport layer. Is this really as secure as using it on the messages themselves, like Signal does?
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    Imho certainly not. The point of end2end crypto is that you don't have to trust the server, so if you don't trust their server (could be multiple reasons: someone on the dev team might not be trustworthy, subpoenas for backdoors, servers getting confiscated, server hacked, etc.) you basically don't have PFS with Threema.
     