Hey, I'm too lazy to properly outline the issues I found, so I will just list them in a non-specific order, especially as the protocol effectively needs to be entirely redone anyway.
- Encrypting messages with RSA-OAEP, which can only safely handle messages up to 245 bytes with 2048-bit keys.
- RSA in 2025.
- RSA 2048-bit keys, and not 4096.
- Extremely easy to MITM attack: the server can literally just swap out the received keys with their own.
- Files aren't encrypted at all.
- Leaks metadata everywhere, even when avoidable.
- No way to verify if the other party is who they claim to be / security numbers.
Unsure if there is more; I genuinely only spent 15 minutes with the source code.
Here are some resources to maybe help you get a better protocol working.
Also look at the double ratchet as reference :)
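
The key-swap and "security numbers" items above, as an added example that is not part of the original post or of the project's code: both clients derive a short number from the two public keys they hold, and compare it out of band. The key bytes, the `relay` function and the `safety-number-v1` label are constructed for illustration.

```python
import hashlib
from typing import Optional, Tuple

def safety_number(key_a: bytes, key_b: bytes, digits: int = 30) -> str:
    """Order-independent fingerprint of two public keys, in groups of 5 digits."""
    first, second = sorted((key_a, key_b))
    # Length-prefix each key so different key pairs cannot produce the same input.
    material = b"".join(len(k).to_bytes(4, "big") + k for k in (first, second))
    digest = hashlib.sha256(b"safety-number-v1" + material).digest()
    number = str(int.from_bytes(digest, "big") % 10**digits).zfill(digits)
    return " ".join(number[i:i + 5] for i in range(0, digits, 5))

def relay(key: bytes, swap_with: Optional[bytes] = None) -> bytes:
    """Hypothetical key-relay server: honest when swap_with is None."""
    return key if swap_with is None else swap_with

def compare(alice_pub: bytes, bob_pub: bytes,
            server_pub: Optional[bytes] = None) -> Tuple[str, str, bool]:
    """Return the number each client displays and whether the two match."""
    # Each client only ever sees the peer key the server chose to deliver.
    bob_seen_by_alice = relay(bob_pub, server_pub)
    alice_seen_by_bob = relay(alice_pub, server_pub)
    alice_view = safety_number(alice_pub, bob_seen_by_alice)
    bob_view = safety_number(bob_pub, alice_seen_by_bob)
    return alice_view, bob_view, alice_view == bob_view

# Constructed stand-ins for encoded public keys (not real key material).
ALICE = hashlib.sha256(b"constructed alice public key").digest()
BOB = hashlib.sha256(b"constructed bob public key").digest()
SERVER = hashlib.sha256(b"constructed server public key").digest()

if __name__ == "__main__":
    for label, swap in (("honest relay", None), ("keys swapped", SERVER)):
        a, b, same = compare(ALICE, BOB, swap)
        print(f"{label}:\n  Alice sees {a}\n  Bob sees   {b}\n  match={same}")
```

The check only helps if the users compare the numbers over a channel the server does not control, such as in person or by scanning a QR code.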