X, used to be Twitter, there Start launching Its new encrypted messaging feature is called “chat” or “Xchat”.
The company claims the new communications feature is End-to-end encryptionmeaning that messages exchanged on it can only be read by the sender and its receiver, and in theory, no one else, including X, can access them.
However, cryptography experts warn that X’s current encryption implementation in XCHAT should not be trusted. This is much worse than the signal, they say, a technology that has extensively considered the latest technology in terms of end-to-end encrypted chat.
In XCHAT, once the user clicks “Set Now”, X prompts them to create a 4-bit PIN, which will be used to encrypt the user’s private key. Then store this key on X’s server. A private key is essentially a secret encryption key assigned to each user, and its purpose is to decrypt messages. Just like in many end-to-end encryption services, the private key is paired with the public key, which is how the sender uses the recipient’s encrypted message.
This is the first red flag for Xchat. The signal stores the user’s private key on his device, not on his server. It is also important to store private keys on X servers and locations.
Security Researcher Matthew Garrett Who posted a blog post Around June Xchat, X announced new services and slowly Start launchingwrote that if the company does not use so-called hardware security modules or HSMs to store the keys, the company can tamper with the keys and potentially decrypt the messages. HSM is a harder server specifically for companies that have them access to internal data.
X Engineer explain In a June article, the company did use HSM, but he and the company have not provided any evidence to date. “Until this is done, this is ‘trust us, brother’ territory,” Garrett told TechCrunch.
The second red flag, X itself admits In the X Chat Support page, the current implementation of the service can allow “malicious internals or X itself” to compromise encrypted conversations.
Technically, this isThe opponent’s middleor AITM attacks. This makes the end-to-end encrypted messaging platform all the key points.
Garret said X “whenever you communicate with them, you’re given a public key, so even if they are implemented correctly, you can’t prove that they don’t constitute a new key,” and performed an AITM attack.
Another red flag is that at this time, none of the implementations of XCHAT are open source, unlike Signal, this is Public records. x explain It aims to “open source our implementation and describe encryption in depth through a technical white paper later this year.”
Finally, x does not provide “Perfect forward keeps confidential“A kind of encryption mechanism in which each new message is encrypted with a different key, meaning that if an attacker compromises the user’s private key, they can only decrypt the last message, not all of the above messages. The company itself can also admit This disadvantage.
As a result, Garrett believes Xchat is at a moment when users should trust it.
“If everyone is totally trustworthy, then X implementation is worse than signal,” Garrett told TechCrunch. “Even if they are totally trustworthy, they may no longer be trustworthy and compromise trust in many ways,” he told TechCrunch. […] If they are not trustworthy or incompetent during the initial implementation, it is impossible to prove that there is absolutely no security. ”
Garrett isn’t the only expert to catch the attention. Cryptography expert Matthew Green teaches at Johns Hopkins University, and he agrees.
“At present, until someone gets a well-known person for a full review, I won’t trust more than I believe in the trust of currently unencrypted DMS,” Green told TechCrunch. (Xchat is a standalone feature, at least for now, as well as legacy direct messages.)
X did not answer several questions sent to its news email address.
