Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security Analysis of WeChat’s MMTLS Encryption Protocol (New report by Citizen Lab) #409

Open
immartian opened this issue Oct 16, 2024 · 1 comment

Comments

@immartian
Copy link

https://citizenlab.ca/2024/10/should-we-chat-too-security-analysis-of-wechats-mmtls-encryption-protocol/

Great work, Citizen Lab team. While these findings aren't entirely new, your strong assertion is particularly noteworthy:

These findings contribute to a larger body of work that suggests that apps in the Chinese ecosystem fail to adopt cryptographic best practices, opting instead to invent their own, often problematic systems.

It wouldn't be surprising to see MMTLS undergo major overhauls in the future, but the question is whether such corrections will come proactively or only after a serious incident.

@klzgrad
Copy link

klzgrad commented Oct 19, 2024

It's not new that apps in the Chinese circumvention ecosystem also fail to adopt cryptographic best practices, opting instead to invent their own, often problematic systems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants