
Cryptography Is Harder Than It Looks - gechr
https://www.schneier.com/blog/archives/2016/03/cryptography_is.html
======
gechr
I'm particularly curious about the _" [...] serious vulnerabilities in an
encryption protocol that I, and probably most of you, use regularly."_ ‒ does
anyone know what this in reference to?

~~~
DanBC
Is it this? from the comments

[http://blog.cryptographyengineering.com/2016/03/attack-of-
we...](http://blog.cryptographyengineering.com/2016/03/attack-of-week-apple-
imessage.html)

> Apple iMessage, as implemented in versions of iOS prior to 9.3 and Mac OS X
> prior to 10.11.4, contains serious flaws in the encryption mechanism that
> could allow an attacker -- who obtains iMessage ciphertexts -- to decrypt
> the payload of certain attachment messages via a slow but remote and silent
> attack, provided that one sender or recipient device is online. While
> capturing encrypted messages is difficult in practice on recent iOS devices,
> thanks to certificate pinning, it could still be conducted by a nation state
> attacker or a hacker with access to Apple's servers. You should probably
> patch now.

~~~
gechr
Aha, missed that, thanks!

