all InfoSec news
Practically-exploitable Cryptographic Vulnerabilities in Matrix
April 5, 2023, 12:48 p.m. |
IACR News www.iacr.org
ePrint Report: Practically-exploitable Cryptographic Vulnerabilities in Matrix
Martin R. Albrecht, Sofía Celi, Benjamin Dowling, Daniel Jones
We report several practically-exploitable cryptographic vulnerabilities in the Matrix standard for federated real-time communication and its flagship client and prototype implementation, Element. These, together, invalidate the confidentiality and authentication guarantees claimed by Matrix against a malicious server. This is despite Matrix’ cryptographic routines being constructed from well-known and -studied cryptographic building blocks. The vulnerabilities we exploit differ in their nature (insecure by design, protocol …
authentication bugs client communication confidentiality daniel design distributed domain eprint report exploit insecure insecure by design malicious matrix nature protocol prototype report server standard vulnerabilities well-known
More from www.iacr.org / IACR News
$\mathsf{FRAST}$: TFHE-friendly Cipher Based on Random S-boxes
2 days, 22 hours ago |
www.iacr.org
A Deniability Analysis of Signal's Initial Handshake PQXDH
2 days, 22 hours ago |
www.iacr.org
BGJ15 Revisited: Sieving with Streamed Memory Access
2 days, 22 hours ago |
www.iacr.org
Quantum Key-Revocable Dual-Regev Encryption, Revisited
2 days, 22 hours ago |
www.iacr.org
Jobs in InfoSec / Cybersecurity
Information Security Engineers
@ D. E. Shaw Research | New York City
Technology Security Analyst
@ Halton Region | Oakville, Ontario, Canada
Senior Cyber Security Analyst
@ Valley Water | San Jose, CA
Sr. Staff Firmware Engineer – Networking & Firewall
@ Axiado | Bengaluru, India
Compliance Architect / Product Security Sr. Engineer/Expert (f/m/d)
@ SAP | Walldorf, DE, 69190
SAP Security Administrator
@ FARO Technologies | EMEA-Portugal