Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Synergy's Crypto Sucks

From: Taylor Hornby <havoc () defuse ca>
Date: Sat, 12 Apr 2014 09:44:26 -0600
Synergy is a cross-platform mouse and keyboard sharing tool.

    http://synergy-foss.org/

Last year I wrote a tool that decrypted Synergy's horrible encryption.

Article: https://defuse.ca/cracking-synergy-bad-cryptography.htm
Code:    https://github.com/defuse/synergy-crack

To fix it, they just disabled the stream cipher modes, which breaks my
specific attack but doesn't fix the actual problem. I'm confident that
it's still vulnerable to some type of attack.

Don't use their crypto. Keep SSH tunneling.

-- 
Taylor Hornby

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: