Cool, so there's a new attack against the Signal protocol, specifically the PFS. You can keep requesting PFS prekeys from a user and once they're drained you have a better shot at being able to break that layer of security, but more interesting is that the time it takes to get the new prekeys indicates if the device is online or not, so this is a metadata leak.
WhatsApp published the research. Unclear if this is only WhatsApp's implementation that they're discussing.