iMessage's 'End-To-End' Encryption Hardly Any Better Than TLS, Say Cryptography Researchers

[Lucian Armasu]

Cryptography and network security professor Matthew Green and his team of four students at the Johns Hopkins University released a paper describing all the uncovered vulnerabilities and attacks against the iMessage protocol.

iMessage's 'End-To-End' Encryption Hardly Any Better Than TLS, Say Cryptography Researchers : Read more

 

[mrbofus]

"iMessage's 'End-To-End' Encryption Hardly Any Better Than TLS, Say Cryptography Researchers"

Why is "end-to-end" in quotes? Isn't iMessage's encryption end-to-end? The quotes, particularly in the headline, imply that it's not...?

 

[Darkk]

"Ever since Edward Snowden released the NSA documents, an encryption mechanism called “forward secrecy” has significantly increased in popularity with service providers. The mechanism essentially automatically rotates the encryption keys at regular intervals, and once it switches to a new key, past data can’t be decrypted anymore."

Not entirely accurate. Using "forward secrecy" simply protects a session in transit. There are several sessions over a short period of time. Only that session gets compromised if the attacker figured out the session encryption key.

The attacker can capture all those sessions and do offline brute force which will take huge amount of resources and time to do it. NSA might be able to do this in parallel which is beyond reach for most of us.