Skip to content
Snippets Groups Projects
Select Git revision
  • replace_gradle_witness
  • fix_nonlocalized_timestamp
  • fileStorage
  • implement-chunking
  • upgrade_roboletric_to_401
  • master default
  • implement-mailbox-contact-sessions
  • 541-faster-retransmission-eta
  • add_special_purpose_contacts
  • mailbox-b
  • mailbox
  • mailbox-jd
  • implement_mailbox_connection_manager
  • 1343-vanniktech-emoji
  • 541-allow-retransmission-if-faster
  • asp-temp
  • fix_performance_test_db
  • 514-allow-retransmissions-using-lower-latency-transports
  • implement-SyncSession-writer-error-handling
  • add_special_purpose_contacts_refactored
  • beta-0.16.16
  • beta-0.16.10
  • beta-0.16.11
  • beta-0.16.12
  • beta-0.16.13
  • beta-0.16.14
  • beta-0.16.15
  • beta-0.16.9
  • beta-0.16.1
  • beta-0.16.2
  • beta-0.16.3
  • beta-0.16.4
  • beta-0.16.5
  • beta-0.16.6
  • beta-0.16.7
  • beta-0.16.8
36 results
Search by author
  • Any Author
0 authors
  1. Aug 22, 2016
    • akwizgran's avatar
      Use one connection per dev report. · c6c62cab
      akwizgran authored 
      This allows simpler server-side code, and a failure part-way through sending won't require restarting from the beginning next time.
      c6c62cab
  3. Apr 21, 2016
  5. Apr 20, 2016
  7. Mar 30, 2016
  9. Mar 26, 2016
  11. Feb 02, 2016
  13. Jan 20, 2016
  15. Dec 14, 2015
  17. Jan 09, 2015
  19. Jan 06, 2015
  21. Dec 29, 2014
    • akwizgran's avatar
      Don't try to erase secrets from memory. · 358166bc
      akwizgran authored 
      1. The things we're really trying to protect - contact identities,
message contents, etc - can't be erased from memory because they're
encapsulated inside objects we don't control.

2. Long-term secrets can't be protected by erasing them from memory
because they're stored in the database and the database key has to be
held in memory whenever the app's running.

3. If the runtime uses a compacting garbage collector then we have no
way to ensure an object is erased from memory.

4. Trying to erase secrets from memory makes the code more complex.

Conclusion: Let's not try to protect secrets from an attacker who can
read arbitrary memory locations.
      358166bc
  23. Nov 04, 2014
  25. Oct 08, 2014
  27. Jan 08, 2014
  29. Dec 19, 2013
    • akwizgran's avatar
      Replaced private messages with private groups. · 0dc86922
      akwizgran authored 
      Private messages are now the same as group messages, but groups can be
private or public. When a contact is added, a private group is created
and designated as the inbox for exchanging private messages with the
contact.
      0dc86922
  31. Jun 17, 2013
  33. Jun 14, 2013
  35. Apr 30, 2013
    • akwizgran's avatar
      Removed bundle encryption. · d5720c08
      akwizgran authored 
      Android doesn't currently store bundles persistently, so it's premature
to protect against accidental information leaks through persistent
bundle storage. Protecting against deliberate information leaks by the
OS is probably futile, so there's currently no need for bundle
encryption.
      d5720c08
  37. Apr 16, 2013
  39. Mar 29, 2013
  41. Feb 19, 2013
  43. Feb 18, 2013
  45. Dec 05, 2012
  47. Nov 13, 2012
  49. Nov 12, 2012
  51. Oct 30, 2012
  53. Oct 24, 2012
  55. Sep 23, 2012
  57. Aug 28, 2012
  59. May 24, 2012
    • akwizgran's avatar
      Use AES/GCM instead of AES/CTR and HMAC. · d6b260ed
      akwizgran authored 
      This makes us Suite B compliant and saves 32 bytes per frame. The
AES/GCM implementation refuses to decrypt the frame header before
checking the MAC, so we have to use AES/CTR to peek at the header. The
header is still covered by the MAC, and we still check it after peeking!
      d6b260ed
  61. Apr 28, 2012
  63. Mar 29, 2012
  65. Feb 24, 2012
  67. Feb 23, 2012
  69. Feb 06, 2012
  71. Jan 17, 2012