I don’t see any insults and the vulnerabilities were patched.
I agree that they downplayed it a bit, but back then they were still a for profit company. Now they are non-profit and it is in their interest to handle such cases in a way that is more aligned with their customers instead of their profits.
I’m copying my other response since you both had the same issue with my statements:
As you said, if PFS can be disabled by enabling a feature on the receiving end it’s by security practices not enabled, in the industry that’s called a downgrade attack and considered very bad practice.
The blog post you linked, is the publicly revised version after they were called out by well known cryptographers for their handling. This was their original response to the researchers, again after the researchers disclosed the vulnerabilities to them and actively helped designing the new protocol, not just giving inspiration. This was their initial tweet: „There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings“ which is long deleted, but I did read it while it was still up back then. I can’t find a screenshot or anything at the moment, so if you want to call me a liar, go ahead but if you search for that quote you will find many citations.
Also, they claimed „old protocol“ but Ibex was still months from being deployed widespread, so that’s another big downplay.
You mention Signals Desktop app issue, Threema claimed the attacks were unrealistic because they require significant computing power or social engineering, both things that are definitely a risk if you’re trying to protect yourself from bigger intelligence efforts. The issue with Signal Desktop however, required full file system access to your device at which point, there is nothing stopping the attacker from simply using a key logger, capturing your screen, etc.
This is why no big security researchers called out Signal but many shunned Threema. At the end I don’t have a horse in the race for either of them, but I think those are facts people need when making a decision with their private information.
Perfect Forward Secrecy has been around since version 5.0 (as an opt in beta feature) and enabled by default since 5.1.
https://threema.ch/en/blog/posts/security-proof-ibex
Here is the original statement you’re referring to:
https://threema.ch/en/blog/posts/news-alleged-weaknesses-statement
I don’t see any insults and the vulnerabilities were patched.
I agree that they downplayed it a bit, but back then they were still a for profit company. Now they are non-profit and it is in their interest to handle such cases in a way that is more aligned with their customers instead of their profits.
I’m copying my other response since you both had the same issue with my statements:
As you said, if PFS can be disabled by enabling a feature on the receiving end it’s by security practices not enabled, in the industry that’s called a downgrade attack and considered very bad practice.
The blog post you linked, is the publicly revised version after they were called out by well known cryptographers for their handling. This was their original response to the researchers, again after the researchers disclosed the vulnerabilities to them and actively helped designing the new protocol, not just giving inspiration. This was their initial tweet: „There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings“ which is long deleted, but I did read it while it was still up back then. I can’t find a screenshot or anything at the moment, so if you want to call me a liar, go ahead but if you search for that quote you will find many citations.
Also, they claimed „old protocol“ but Ibex was still months from being deployed widespread, so that’s another big downplay.
You mention Signals Desktop app issue, Threema claimed the attacks were unrealistic because they require significant computing power or social engineering, both things that are definitely a risk if you’re trying to protect yourself from bigger intelligence efforts. The issue with Signal Desktop however, required full file system access to your device at which point, there is nothing stopping the attacker from simply using a key logger, capturing your screen, etc.
This is why no big security researchers called out Signal but many shunned Threema. At the end I don’t have a horse in the race for either of them, but I think those are facts people need when making a decision with their private information.