Ok I found the TU Darmstadt paper that initially disclosed the flaws. TL;DR user hashing to implement a (bad) private set intersection protocol, and its trivially vulnerable to brute-force dictionary attacks.
Apple has known since 2019 and didn’t fix it! https://www.usenix.org/system/files/sec21-heinrich.pdf
Matthew Green /
npub1ts…g4v4e
2024-01-10 01:33:05
in reply to nevent1q…xln3
Author Public Key
npub1tsr0tzpcqxta5h0mut3jj29ekmvzcck6crrqy566p8hpet26sgss5g4v4ePublished at
2024-01-10 01:33:05Event JSON
{
"id": "addddc0cb7e785bf51226d0cbf2ba18bce89ab6dd29045302a4c42b2d850484e",
"pubkey": "5c06f588380197da5dfbe2e32928b9b6d82c62dac0c602535a09ee1cad5a8221",
"created_at": 1704846785,
"kind": 1,
"tags": [
[
"e",
"f5e8500d218e3ba3a151b48644031dc1a8fd1fd8eaf6d8961b659d1142d9c226",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://ioc.exchange/users/matthew_d_green/statuses/111728838916845678",
"activitypub"
]
],
"content": "Ok I found the TU Darmstadt paper that initially disclosed the flaws. TL;DR user hashing to implement a (bad) private set intersection protocol, and its trivially vulnerable to brute-force dictionary attacks.\n\nApple has known since 2019 and didn’t fix it! https://www.usenix.org/system/files/sec21-heinrich.pdf",
"sig": "8efccd1c3dc7a2860db497944fcb96b9c0c12a09db40a1af95820fd5ebd2487f82739feda65f3372e6a292140b648ca0938d1eb95bf40079cdd4108f774f8658"
}