Matthew Green
Sep 19 · 5 tweets
New leak from the Snowden documents.
To give some context, here are the contents of an initial Snowden leak from September 2013. Cavium was a leading manufacturer of cryptographic co-processors for VPN devices at that time. archive.nytimes.com/www.nytimes.co…
Just to give a sense of how important these chips are to VPN security (and without making any specific claims about this hardware) here’s the FIPS security policy for Cisco’s ASA crypto module, showing how much crypto the Cavium Nitrox chip implements. csrc.nist.gov/CSRC/media/pro…
Typically these chips would directly write Diffie-Hellman secret keys into memory using their internal RNG. It would be fascinating to see a detailed reverse-engineering of some of those older co-processors from the time period.
The formal name for this stuff is “algorithm substitution attacks.” Basically, you replace a cryptographic algorithm with a different one that “looks the same” from the outside, but contains a trapdoor for the NSA to exploit.
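
A toy model of the substitution described in the thread, added here as an illustration and not part of the original tweets. `SubstitutedRNG`, `TRAPDOOR_KEY`, the serial number, the 127-bit group and the host-entropy mixing step are all assumptions constructed for this example and do not describe any real chip.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3                   # toy group, constructed; far too small for real use
TRAPDOOR_KEY = b"constructed-trapdoor"  # held by whoever substituted the RNG

class HonestRNG:
    def random_bytes(self, n):
        return secrets.token_bytes(n)

class SubstitutedRNG:
    """Same interface, but output = HMAC(trapdoor key, serial || counter)."""
    def __init__(self, serial):
        self.serial, self.counter = serial, 0
    def random_bytes(self, n):
        self.counter += 1
        return _trapdoor_stream(self.serial, self.counter)[:n]

def _trapdoor_stream(serial, counter):
    msg = serial + counter.to_bytes(8, "big")
    return hmac.new(TRAPDOOR_KEY, msg, hashlib.sha256).digest()

def _to_exponent(raw):
    return int.from_bytes(raw, "big") % (P - 1) or 1

def dh_keypair_direct(rng):
    """Design from the thread: the DH secret comes straight from the chip RNG."""
    x = _to_exponent(rng.random_bytes(16))
    return x, pow(G, x, P)

def dh_keypair_mixed(rng, host_entropy):
    """Mitigation assumed here: hash chip output together with host entropy."""
    seed = hashlib.sha256(rng.random_bytes(16) + host_entropy).digest()[:16]
    x = _to_exponent(seed)
    return x, pow(G, x, P)

def trapdoor_guess(serial, counter):
    """Public value the trapdoor holder expects for a given device and counter."""
    return pow(G, _to_exponent(_trapdoor_stream(serial, counter)[:16]), P)

def demo():
    serial = b"SN-0001"  # constructed device identifier
    guess = trapdoor_guess(serial, 1)
    return {
        "honest_direct": dh_keypair_direct(HonestRNG())[1] == guess,
        "substituted_direct": dh_keypair_direct(SubstitutedRNG(serial))[1] == guess,
        "substituted_mixed": dh_keypair_mixed(SubstitutedRNG(serial),
                                              secrets.token_bytes(32))[1] == guess,
    }
```

The caller sees the same `random_bytes` interface and a valid-looking public key in all three cases; only the key taken directly from the substituted RNG matches what the trapdoor holder can compute.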


More from @matthew_d_green

Jul 27
I’m just catching up on Web Integrity but it looks really concerning. Basically adds DRM to your browser so only approved browsers can access certain sites.
What worries me about this is that the web is currently one of the only open alternatives to the app stores. Closing it down (even if there are benefits) seems like it will make government control a lot easier.
I feel like in the past this would be the point that a bunch of Chrome engineers come out of the woodwork and tell me I’m wrong, that actually this is great for security and won’t harm the open web at all. So I’ll pause and see what happens.
Jul 12
Computer security would be about 80% solved if we just deprecated every technology shown in this graphic.
@withzombies Save a bullet for NTLM.
Jul 3
Too much timing data is available even from encrypted messaging apps, when a passive adversary surveills the network links for a whole country. It might be smart to add some kind of delayed delivery feature. nytimes.com/2023/07/03/tec…
This paper looked at Signal’s Sealed Sender back in ‘21 and showed that you could recover sender/recipient information after seeing a few (encrypted) messages, because of things like delivery receipts. No idea if there’s a fix for this. https://t.co/WJLP2mN3CM ndss-symposium.org/wp-content/upl…
Hiding metadata like message delivery timing is in general very hard: but we seem to live in this threat model, maybe it’s time to think about what apps can do here.
May 17
The EU Council is continuing to debate a law that would require communication providers to scan all communications, potentially including end-to-end encrypted conversations. And they are now debating including audio conversations as well.
It’s not clear to me precisely what content scanning for audio conversations would entail, but it seems to involve some kind of AI system routinely listening to your phone conversations.
Just in case you’re not aware, this is a real thing that’s happening right now in the world’s largest set of democracies. And people don’t seem to be paying any attention.
Apr 21
My wife was looking for pictures of our kids on my phone, and found a photo from a topless beach. Which immediately led to a lot of marital awkwardness and worry (on my part) that somehow I took this creepy photo and also maybe that I have Alzheimer’s.
A little investigation revealed the photo was from Spain, circa 2017. I wasn’t in Spain in 2017.

Felt like I had just gotten a death row pardon from the governor.
Anyway: the TL;DR is WhatsApp, which saves random photos to your camera roll. I’ve turned that option off since.

A single friend in Spain must have sent me the photo, so six years later I’m awkwardly trying to explain it to my wife.
Apr 13
Woohoo! WhatsApp has released key transparency! engineering.fb.com/2023/04/13/sec…
So here’s a thread on key transparency, and why this is a big deal. 1/
Most encrypted messaging apps require the user to generate a public/private encryption key. The secret key lives in your device, and the public key gets sent to anyone who wants to message you. In systems like WhatsApp, the distribution of keys is handled by the WhatsApp server.