[jdev] Threema using XMPP
Simon Tennant
simon at buddycloud.com
Thu Jul 24 21:11:15 UTC 2014
Got this back from the founder:
ich weiss zwar nicht, woher die Annahme stammt, dass Threema XMPP verwende.
> Dem ist aber nicht so - Threema hat mit XMPP überhaupt nichts zu tun. Wir
> verwenden ein eigenes Protokoll für die Übertragung der Nachrichten.
>
> Mit freundlichen Grüssen,
>
> Manuel Kasper
>
> .
Translates as "no XMPP to be seen here.".
Must have just been an interesting port selection to get me all hot and
bothered.
S.
On 24 July 2014 21:02, Thijs Alkemade <me at thijsalkema.de> wrote:
>
> On 24 jul. 2014, at 17:32, Ashley Ward <ashley.ward at surevine.com> wrote:
>
> > On 24 Jul 2014, at 16:22, Simon Tennant <simon at buddycloud.com> wrote:
> >
> >> Agree on 5222. But it smells like XMPP according to
> https://www.os3.nl/_media/2013-2014/courses/ssn/projects/threema_report.pdf
> >
> > They seem pretty sure about it:
> >
> > "The communication protocol used for this communication is Extensible
> > Messaging and Presence Protocol (XMPP). XMPP implements Simple
> > Authentication and Security Layer (SASL) and Transport Layer Security
> > (TLS) for its security. This means that MitM attack might be feasible for
> > this communication”
>
> I highly doubt they have actually verified that and not just based it on
> the
> port number. This [1] paper describes the packet formats, and it describes
> it
> as “[...] a custom protocol with some similarities to CurveCP”.
>
> Thijs
>
> _______________________________________________
> JDev mailing list
> Info: http://mail.jabber.org/mailman/listinfo/jdev
> Unsubscribe: JDev-unsubscribe at jabber.org
> _______________________________________________
>
>
--
Simon Tennant | buddycloud.com | +49 17 8545 0880 | office hours:
goo.gl/tQgxP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.jabber.org/jdev/attachments/20140724/1ca8e979/attachment-0001.html>
More information about the JDev
mailing list