LIVE FROM COLUMBIA, IT'S DAY 3 OF #REALWORLDCRYPTO
Starting the Messaging session is "E2EE for Messenger: goals, plans and thinking"

#realworldcrypto
Zuck wants to integrate and E2E encrypt all the messaging services (messenger, Instagram, WhatsApp)

#realworldcrypto
Want to avoid accidental logging of messages and crash reports, same with any data derived from message contents

#realworldcrypto
This requires pushing a lot of existing server functionality to the client, making the server basically a dumb router. 👍

#realworldcrypto
Would like to automatically enforce rules on metadata on the client too, need to build privacy into existing FB tooling and infra

#realworldcrypto
"Messenger is inherently multi device and multi platform", this includes the web. 😬

#realworldcrypto
Would binary transparency help here?

#realworldcrypto
Store as little data as we can to maintain functionality

#realworldcrypto
Migrating an existing product to E2E is really complex

#realworldcrypto
"We are going to ship this." 🤞

#realworldcrypto
Q: Pushing social graph to the client?

A: no comment

#realworldcrypto
Q: Key transparency?

A: We allow manual verification of keys in the app, nothing newer than that

#realworldcrypto
Q: Usage stats of existing Secret Conversations?

A: No public numbers atm

#realworldcrypto
Next up, "Security Analysis and Improvements for the IETF MLS Standard for Group Messaging"

#realworldcrypto
Long lived group chats, federated E2E encrypted

#realworldcrypto
Goal is to do for group chats what TLS did for transport layer

#realworldcrypto
Goals include forward secrecy and post-compromise security, DoS is out of scope for now

#realworldcrypto
The current MLS spec draft: ietf.org/id/draft-ietf-…

#realworldcrypto
'group management'

#realworldcrypto
Continuous group key agreement

#realworldcrypto
These control messages need to be processed in the same order by all group members…

#realworldcrypto
CGKA allows us to assume authenticated channels

#realworldcrypto
This gives us TreeKEM, and the TreeKEM with blanks variant

prosecco.gforge.inria.fr/personal/karth…

#realworldcrypto
Modify the existing tree from epoch to epoch, each user gets a leaf, each node gets a keypair except root node

#realworldcrypto
Updating the tree as keys are ratcheted, conveyed over a packet 'message' encrypted to the copath

#realworldcrypto
We need all the critical keys to be removed to maintain forward secrecy
😬😬😬

#realworldcrypto
We can do better!

#realworldcrypto
RTreeKEM, closely related to Key-Updatable PKE in 2-party messaging
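As an added example (my own toy, not code from the talk or the MLS draft), a model of the TreeKEM access structure the tweets above describe, including the "blanks" variant: each member has a leaf, each node a secret, an update ratchets the path to the root and delivers each new path secret to the copath (or to the resolution of a blank copath node), and a removal blanks the removed member's path. Public-key encryption to a node is modelled by an assumed rule that only members whose stored copy of that node's secret matches the current one can read a message addressed to it; real TreeKEM uses HPKE and per-node keypairs.

```python
import hashlib

def kdf(label, secret):
    return hashlib.sha256(label.encode() + secret).digest()

class ToyTreeKEM:
    # Heap-style complete binary tree: root=1, leaves n..2n-1, parent=i//2, sibling=i^1.
    # A node's public key is modelled by its current secret: a member can "decrypt"
    # a message to that node only if the copy it holds matches (toy assumption).
    def __init__(self, n):
        assert n & (n - 1) == 0, "toy: n must be a power of two"
        self.n = n
        self.current = {}                        # node -> live secret; absent = blank
        self.held = {m: {} for m in range(n)}    # member -> node -> secret it holds
        for m in range(n):                       # everyone starts with a leaf key only
            self._set(m, n + m, kdf("leaf", bytes([m])))

    def _set(self, member, node, secret):
        self.held[member][node] = secret
        self.current[node] = secret

    def _resolution(self, node):                 # non-blank nodes an update encrypts to
        if node in self.current:
            return [node]
        if node >= self.n:                       # blank leaf (removed member)
            return []
        return self._resolution(2 * node) + self._resolution(2 * node + 1)

    def _receive(self, member, node, path_secret):  # recipient derives up to the root
        while True:
            self.held[member][node] = kdf("node", path_secret)
            if node == 1:
                return
            path_secret, node = kdf("path", path_secret), node // 2

    def update(self, member, fresh):             # ratchet the member's path to the root
        node, path_secret = self.n + member, fresh
        self._set(member, node, kdf("node", path_secret))
        while node > 1:
            sibling, node = node ^ 1, node // 2
            path_secret = kdf("path", path_secret)
            for target in self._resolution(sibling):   # "encrypt" to the copath
                for other in range(self.n):
                    if self.held[other].get(target) == self.current[target]:
                        self._receive(other, node, path_secret)
            self._set(member, node, kdf("node", path_secret))
        return self.held[member][1]

    def remove(self, member):                    # blank the removed member's path
        node = self.n + member
        while node >= 1:
            self.current.pop(node, None)
            node //= 2
    def root_known_by(self, member):
        return 1 in self.current and self.held[member].get(1) == self.current[1]
```

After `remove(3)` and one fresh update by a remaining member, member 3 still holds its old secrets but none of them matches a node the new path secrets were addressed to, so it no longer shares the root.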

#realworldcrypto
No time for questions, moving onto the compromised credentials session with "Protecting accounts from credential stuffing with password breach alerting"

#realworldcrypto
Large breaches result in massive amounts of compromised credentials that attackers just try in other services, over and over

#realworldcrypto
Want to make queries about which passwords are compromised, without leaking

#realworldcrypto
Want to make sure that the cost of abusing this query API is larger than just going directly to cred dumps on the dark web or wherever

#realworldcrypto
Hash to curve! "An elliptic curve where the discrete log is hard."

'oh ok I won't choose a supersingular curve then' ;)

#realworldcrypto
A memory-hard hash function can also help mitigate abuse risk

#realworldcrypto
OK so where do you get the collection of compromised creds? It sounds like the abuse team at Google has… access to those?

#realworldcrypto
Implemented as part of the Password Checkup Chrome extension: chrome.google.com/webstore/detai…

#realworldcrypto
Collected anonymous telemetry on extension usage on login, ignore the alert, and on actual password changes prompted by the extension alert.

#realworldcrypto
The install base is biased towards people who care enough to install such an extension so maybe these numbers are not representative of the general population but even so, 26% of breached creds were rotated!

#realworldcrypto
94% of the new passwords were as strong or stronger, so that's good.

#realworldcrypto
Now implemented into Chrome itself! 👏

#realworldcrypto
Q: Can this be abused to try to match a weak password?

A: Attacker would need to spend more time to do that, we rate limit queries and note that on their accounts if logged into Chrome (???)

#realworldcrypto
Next up, "Protocols for Checking Compromised Credentials"

#realworldcrypto
They claim these services do leak information about passwords 😯

#realworldcrypto
The checking service stores hundreds of millions of passwords, needs to be able to handle many queries

#realworldcrypto
If the username is known to the attacker, the H(user || password) prefix as an id is insecure

#realworldcrypto
For password only, like HIBP, there is still enough leakage that speeds up remote guessing attacks.

#realworldcrypto
"Easy to guess the password if you know the bucket", and more common passwords can be bucketed together easily
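Added example (mine, not from either talk): a small way to quantify the bucket leakage the speaker describes, for someone designing or evaluating a hash-prefix checking service. It measures how many bits an HIBP-style prefix query reveals about a password drawn from a given distribution (the mutual information between password and bucket id) and the expected number of online guesses once the bucket is known. The password counts are constructed, not breach data.

```python
import hashlib
import math
from collections import Counter

# Constructed toy frequency list standing in for breach data (not real numbers).
TOY_PASSWORDS = Counter({"123456": 40, "password": 25, "qwerty": 15, "letmein": 8,
                         "dragon": 6, "hunter2": 3, "correct horse": 2, "Tr0ub4dor&3": 1})

def bucket_id(password: str, prefix_hex: int) -> str:
    """HIBP-style bucket: the first prefix_hex hex digits of SHA-1(password)."""
    return hashlib.sha1(password.encode()).hexdigest().upper()[:prefix_hex]

def entropy_bits(counts: Counter) -> float:
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c)

def group_by_bucket(dist: Counter, prefix_hex: int) -> dict:
    """Map each bucket id to the Counter of passwords that land in it."""
    by_bucket = {}
    for pw, c in dist.items():
        by_bucket.setdefault(bucket_id(pw, prefix_hex), Counter())[pw] = c
    return by_bucket

def bucket_leakage_bits(dist: Counter, prefix_hex: int) -> float:
    """Mutual information I(P; B) between a password P drawn from dist and the
    bucket id B the client sends: H(P) - H(P | B). 0 bits = nothing learned."""
    total = sum(dist.values())
    h_given_b = sum(sum(b.values()) / total * entropy_bits(b)
                    for b in group_by_bucket(dist, prefix_hex).values())
    return entropy_bits(dist) - h_given_b

def expected_guesses_to_hit(dist: Counter, prefix_hex: int) -> float:
    """Expected number of online guesses (most frequent first) needed to hit a
    password drawn from dist when the victim's bucket id is already known."""
    total = sum(dist.values())
    expected = 0.0
    for b in group_by_bucket(dist, prefix_hex).values():
        for rank, (_, c) in enumerate(b.most_common(), start=1):
            expected += rank * c / total
    return expected
```

A longer prefix means fewer passwords per bucket and more bits leaked; a prefix of length 0 is the "everything in one bucket" baseline, and a full-length prefix leaks the whole password distribution.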

#realworldcrypto
Keep Current with Deirdre Connolly¹