[jdev] Threema using XMPP
Thijs Alkemade
me at thijsalkema.de
Thu Jul 24 19:02:32 UTC 2014
On 24 jul. 2014, at 17:32, Ashley Ward <ashley.ward at surevine.com> wrote:
> On 24 Jul 2014, at 16:22, Simon Tennant <simon at buddycloud.com> wrote:
>
>> Agree on 5222. But it smells like XMPP according to https://www.os3.nl/_media/2013-2014/courses/ssn/projects/threema_report.pdf
>
> They seem pretty sure about it:
>
> "The communication protocol used for this communication is Extensible
> Messaging and Presence Protocol (XMPP). XMPP implements Simple
> Authentication and Security Layer (SASL) and Transport Layer Security
> (TLS) for its security. This means that MitM attack might be feasible for
> this communication”
I highly doubt they have actually verified that and not just based it on the
port number. This [1] paper describes the packet formats, and it describes it
as “[...] a custom protocol with some similarities to CurveCP”.
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://www.jabber.org/jdev/attachments/20140724/28e01b5c/attachment.sig>
More information about the JDev
mailing list