Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The sad part is that iMessage's encryption appears to be of dubious quality. Even worse, the protocol is not public, so there's no way to audit it.


If you can't audit it, you can't be sure it is sound. But you seem to claim that it isn't sound, which also isn't possible without an audit.

I think there are at least a few engineers at Apple capable of implementing this correctly. Not that I assume it's unbreakable, I'm just not as pessimistic.


When you're talking about encryption pessimism is the default. The whole point is lack of trust.


> But you seem to claim that it isn't sound, which also isn't possible without an audit.

That's not quite true, right? If encryption was successfully broken, then you wouldn't need an audit. Even if it wasn't broken, there's still things like this: http://pthree.org/2012/02/17/ecb-vs-cbc-encryption/


What has been inferred so far is worrying http://imfreedom.org/wiki/IMessage.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: