web01.fireside.fm Wed, 22 Apr 2026 14:40:48 -0500 Fireside (https://fireside.fm) Cryptography FM - Episodes Tagged with “Secure Messaging” https://cryptography.fireside.fm/tags/secure%20messaging Mon, 16 Jan 2023 13:00:00 +0100 Cryptography FM is a regular podcast with news and a featured interview covering the latest developments in theoretical and applied cryptography. Whether it's a new innovative paper on lattice-based cryptography or a novel attack on a secure messaging protocol, we'll get the people behind it on Cryptography FM. en-us episodic In-depth, substantive discussions on the latest news and research in applied cryptography. Symbolic Software Cryptography FM is a regular podcast with news and a featured interview covering the latest developments in theoretical and applied cryptography. Whether it's a new innovative paper on lattice-based cryptography or a novel attack on a secure messaging protocol, we'll get the people behind it on Cryptography FM. no cryptography Symbolic Software nadim@symbolic.software Episode 22: Three Lessons from Threema: Breaking a Secure Messenger! https://cryptography.fireside.fm/22 856b33dd-f3d4-4e22-9d17-bfccafe87e75 Mon, 16 Jan 2023 13:00:00 +0100 Symbolic Software 22 Episode 22: Three Lessons from Threema: Breaking a Secure Messenger! full Symbolic Software Threema is a Swiss encrypted messaging application. It has more than 10 million users and more than 7000 on-premise customers. Prominent users of Threema include the Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz. Threema has been widely advertised as a secure alternative to other messengers. Kenny, Kien and Matteo from the ETH Zurich Applied Cryptography Group present seven attacks against the cryptographic protocols used by Threema, in three distinct threat models. All the attacks are accompanied by proof-of-concept implementations that demonstrate their feasibility in practice. 52:12 no Threema is a Swiss encrypted messaging application. It has more than 10 million users and more than 7000 on-premise customers. Prominent users of Threema include the Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz. Threema has been widely advertised as a secure alternative to other messengers. Kenny, Kien and Matteo from the ETH Zurich Applied Cryptography Group present seven attacks against the cryptographic protocols used by Threema, in three distinct threat models. All the attacks are accompanied by proof-of-concept implementations that demonstrate their feasibility in practice. Links and papers discussed in the show: * Three Lessons from Threema (https://breakingthe3ma.app/) Special Guests: Kenny Paterson, Kien Tuong Truong, and Matteo Scarlata. secure messaging, threema, applied cryptography Threema is a Swiss encrypted messaging application. It has more than 10 million users and more than 7000 on-premise customers. Prominent users of Threema include the Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz. Threema has been widely advertised as a secure alternative to other messengers.

Kenny, Kien and Matteo from the ETH Zurich Applied Cryptography Group present seven attacks against the cryptographic protocols used by Threema, in three distinct threat models. All the attacks are accompanied by proof-of-concept implementations that demonstrate their feasibility in practice.

Links and papers discussed in the show:

Special Guests: Kenny Paterson, Kien Tuong Truong, and Matteo Scarlata.

Sponsored By:

Links:

]]> Threema is a Swiss encrypted messaging application. It has more than 10 million users and more than 7000 on-premise customers. Prominent users of Threema include the Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz. Threema has been widely advertised as a secure alternative to other messengers.

Kenny, Kien and Matteo from the ETH Zurich Applied Cryptography Group present seven attacks against the cryptographic protocols used by Threema, in three distinct threat models. All the attacks are accompanied by proof-of-concept implementations that demonstrate their feasibility in practice.

Links and papers discussed in the show:

Special Guests: Kenny Paterson, Kien Tuong Truong, and Matteo Scarlata.

Sponsored By:

Links:

]]> Episode 16: Contact Discovery in Mobile Messengers! https://cryptography.fireside.fm/16 65362544-3293-41c7-8650-f2cf8e2058a7 Mon, 24 May 2021 15:00:00 +0200 Symbolic Software 16 Episode 16: Contact Discovery in Mobile Messengers! full Symbolic Software Do we really need to rely on sharing every phone number on our phone in order for mobile messengers to be usable? What are the privacy risks, and do better cryptographic alternatives exist for managing that data? Joining us are researchers looking exactly into this problem, who will tell us more about their interesting results. 46:44 no Contact discovery is a core feature in popular mobile messaging apps such as WhatsApp, Signal and Telegram that lets users grant access to their address book in order to discover which of their contacts are on that messaging service. While contact discovery is critical for WhatsApp, Signal and Telegram to function properly, privacy concerns arise with the current methods and implementations of this feature, potentially resulting in the exposure of a range of sensitive information about users and their social circle. Do we really need to rely on sharing every phone number on our phone in order for mobile messengers to be usable? What are the privacy risks, and do better cryptographic alternatives exist for managing that data? Joining us are researchers looking exactly into this problem, who will tell us more about their interesting results. Links and papers discussed in the show: All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1C-3_23159_paper.pdf) Music composed by Toby Fox and performed by Sean Schafianski (https://seanschafianski.bandcamp.com/). Special Guests: Alexandra Dmitrienko, Christian Weinert, and Christoph Hagen. secure messaging, contact discovery, security and privacy,metadata Contact discovery is a core feature in popular mobile messaging apps such as WhatsApp, Signal and Telegram that lets users grant access to their address book in order to discover which of their contacts are on that messaging service. While contact discovery is critical for WhatsApp, Signal and Telegram to function properly, privacy concerns arise with the current methods and implementations of this feature, potentially resulting in the exposure of a range of sensitive information about users and their social circle.

Do we really need to rely on sharing every phone number on our phone in order for mobile messengers to be usable? What are the privacy risks, and do better cryptographic alternatives exist for managing that data? Joining us are researchers looking exactly into this problem, who will tell us more about their interesting results.

Links and papers discussed in the show:
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers

Music composed by Toby Fox and performed by Sean Schafianski.

Special Guests: Alexandra Dmitrienko, Christian Weinert, and Christoph Hagen.

Sponsored By:

Links:

  • All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers — Contact discovery allows users of mobile messen- gers to conveniently connect with people in their address book. In this work, we demonstrate that severe privacy issues exist in currently deployed contact discovery methods. Our study of three popular mobile messengers (WhatsApp, Signal, and Telegram) shows that, contrary to expectations, large- scale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we have queried 10 % of US mobile phone numbers for WhatsApp and 100 % for Signal. For Telegram we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service. We present interesting (cross- messenger) usage statistics, which also reveal that very few users change the default privacy settings. Regarding mitigations, we propose novel techniques to significantly limit the feasibility of our crawling attacks, especially a new incremental contact discovery scheme that strictly improves over Signal’s current approach. Furthermore, we show that currently deployed hashing-based contact discovery protocols are severely broken by comparing three methods for efficient hash reversal of mobile phone numbers. For this, we also propose a significantly improved rainbow table construction for non-uniformly distributed inputs that is of independent interest.
]]> Contact discovery is a core feature in popular mobile messaging apps such as WhatsApp, Signal and Telegram that lets users grant access to their address book in order to discover which of their contacts are on that messaging service. While contact discovery is critical for WhatsApp, Signal and Telegram to function properly, privacy concerns arise with the current methods and implementations of this feature, potentially resulting in the exposure of a range of sensitive information about users and their social circle.

Do we really need to rely on sharing every phone number on our phone in order for mobile messengers to be usable? What are the privacy risks, and do better cryptographic alternatives exist for managing that data? Joining us are researchers looking exactly into this problem, who will tell us more about their interesting results.

Links and papers discussed in the show:
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers

Music composed by Toby Fox and performed by Sean Schafianski.

Special Guests: Alexandra Dmitrienko, Christian Weinert, and Christoph Hagen.

Sponsored By:

Links:

  • All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers — Contact discovery allows users of mobile messen- gers to conveniently connect with people in their address book. In this work, we demonstrate that severe privacy issues exist in currently deployed contact discovery methods. Our study of three popular mobile messengers (WhatsApp, Signal, and Telegram) shows that, contrary to expectations, large- scale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we have queried 10 % of US mobile phone numbers for WhatsApp and 100 % for Signal. For Telegram we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service. We present interesting (cross- messenger) usage statistics, which also reveal that very few users change the default privacy settings. Regarding mitigations, we propose novel techniques to significantly limit the feasibility of our crawling attacks, especially a new incremental contact discovery scheme that strictly improves over Signal’s current approach. Furthermore, we show that currently deployed hashing-based contact discovery protocols are severely broken by comparing three methods for efficient hash reversal of mobile phone numbers. For this, we also propose a significantly improved rainbow table construction for non-uniformly distributed inputs that is of independent interest.
]]> Episode 9: Off-the-Record Messaging and PKI Implementations! https://cryptography.fireside.fm/9 b20813a0-c3ff-42f1-9e2c-26d027ccd087 Fri, 20 Nov 2020 18:00:00 +0100 Symbolic Software 9 Episode 9: Off-the-Record Messaging and PKI Implementations! full Symbolic Software Sofía Celi of Cloudflare talks about the latest version of Off-the-Record secure messaging protocol, why deniability is important, and more. 41:41 no Before there was Signal, before there was WhatsApp, the realm of secure encrypted messaging was ruled by the Off-the-Record secure messaging protocol, created as an alternative to PGP that introduced security properties like forward secrecy and deniability that were considered exotic at the time. Now, more than a decade later, Off-the-Record messaging, or OTR, has been largely sidelined by Signal variants. But a small team of cryptography engineers is still working on pushing Off-the-Record messaging forward by focusing on use cases that they argue aren’t sufficiently covered by Signal. But what even is deniability, and how much does it matter in the real-world context of secure messaging? Sofía Celi joins us in today’s episode to talk about this and more. Links and papers discussed in the show: * OTRv4 (https://github.com/otrv4/otrv4) Music composed by Toby Fox and performed by Sean Schafianski (https://seanschafianski.bandcamp.com/). Special Guest: Sofía Celi. secure messaging Before there was Signal, before there was WhatsApp, the realm of secure encrypted messaging was ruled by the Off-the-Record secure messaging protocol, created as an alternative to PGP that introduced security properties like forward secrecy and deniability that were considered exotic at the time.

Now, more than a decade later, Off-the-Record messaging, or OTR, has been largely sidelined by Signal variants. But a small team of cryptography engineers is still working on pushing Off-the-Record messaging forward by focusing on use cases that they argue aren’t sufficiently covered by Signal. But what even is deniability, and how much does it matter in the real-world context of secure messaging? Sofía Celi joins us in today’s episode to talk about this and more.

Links and papers discussed in the show:

Music composed by Toby Fox and performed by Sean Schafianski.

Special Guest: Sofía Celi.

Sponsored By:

]]> Before there was Signal, before there was WhatsApp, the realm of secure encrypted messaging was ruled by the Off-the-Record secure messaging protocol, created as an alternative to PGP that introduced security properties like forward secrecy and deniability that were considered exotic at the time.

Now, more than a decade later, Off-the-Record messaging, or OTR, has been largely sidelined by Signal variants. But a small team of cryptography engineers is still working on pushing Off-the-Record messaging forward by focusing on use cases that they argue aren’t sufficiently covered by Signal. But what even is deniability, and how much does it matter in the real-world context of secure messaging? Sofía Celi joins us in today’s episode to talk about this and more.

Links and papers discussed in the show:

Music composed by Toby Fox and performed by Sean Schafianski.

Special Guest: Sofía Celi.

Sponsored By:

]]> Episode 7: Scaling Up Secure Messaging to Large Groups With MLS! https://cryptography.fireside.fm/7 09e54625-0f32-4b15-a3ae-881d0be8b502 Tue, 10 Nov 2020 16:00:00 +0100 Symbolic Software 7 Episode 7: Scaling Up Secure Messaging to Large Groups With MLS! full Symbolic Software Raphael Robert from Wire talks about how MLS wants to scale secure messaging to groups with hundreds or even thousands of participants. 45:10 no Secure messaging protocols like Signal have succeeded at making end-to-end encryption the norm in messaging more generally. Whether you’re using WhatsApp, Wire, Facebook Messenger’s Secret Chat feature, or Signal itself, you’re benefiting from end-to-end encryption across all of your messages and calls, and it’s so transparent that most users aren’t even aware of it! One area in which current secure messaging protocols have stalled, however, is the ability to scale secure conversations to groups of dozens, hundreds and even thousands of people. But the IETF’s Messaging Layer Security, or MLS, effort aims to make that happen. Bringing together a collaboration between Wire, Mozilla, Cisco, Facebook, as well as academia, MLS wants to become the TLS of secure messaging, and make it possible to hold secure conversations scaling to thousands of participants. But what are the real-world implementation risks involved? Are conversations even worth securing when you’ve got hundreds of potential leakers? Links and papers discussed in the show: * MLS Website (https://messaginglayersecurity.rocks/) Music composed by Toby Fox and performed by Sean Schafianski (https://seanschafianski.bandcamp.com/). Special Guest: Raphael Robert. secure messaging Secure messaging protocols like Signal have succeeded at making end-to-end encryption the norm in messaging more generally. Whether you’re using WhatsApp, Wire, Facebook Messenger’s Secret Chat feature, or Signal itself, you’re benefiting from end-to-end encryption across all of your messages and calls, and it’s so transparent that most users aren’t even aware of it!

One area in which current secure messaging protocols have stalled, however, is the ability to scale secure conversations to groups of dozens, hundreds and even thousands of people. But the IETF’s Messaging Layer Security, or MLS, effort aims to make that happen. Bringing together a collaboration between Wire, Mozilla, Cisco, Facebook, as well as academia, MLS wants to become the TLS of secure messaging, and make it possible to hold secure conversations scaling to thousands of participants.

But what are the real-world implementation risks involved? Are conversations even worth securing when you’ve got hundreds of potential leakers?

Links and papers discussed in the show:

Music composed by Toby Fox and performed by Sean Schafianski.

Special Guest: Raphael Robert.

Sponsored By:

]]> Secure messaging protocols like Signal have succeeded at making end-to-end encryption the norm in messaging more generally. Whether you’re using WhatsApp, Wire, Facebook Messenger’s Secret Chat feature, or Signal itself, you’re benefiting from end-to-end encryption across all of your messages and calls, and it’s so transparent that most users aren’t even aware of it!

One area in which current secure messaging protocols have stalled, however, is the ability to scale secure conversations to groups of dozens, hundreds and even thousands of people. But the IETF’s Messaging Layer Security, or MLS, effort aims to make that happen. Bringing together a collaboration between Wire, Mozilla, Cisco, Facebook, as well as academia, MLS wants to become the TLS of secure messaging, and make it possible to hold secure conversations scaling to thousands of participants.

But what are the real-world implementation risks involved? Are conversations even worth securing when you’ve got hundreds of potential leakers?

Links and papers discussed in the show:

Music composed by Toby Fox and performed by Sean Schafianski.

Special Guest: Raphael Robert.

Sponsored By:

]]>