Full Disclosure mailing list archives
Synergy's Crypto Sucks
From: Taylor Hornby <havoc () defuse ca>
Date: Sat, 12 Apr 2014 09:44:26 -0600
Synergy is a cross-platform mouse and keyboard sharing tool. http://synergy-foss.org/ Last year I wrote a tool that decrypted Synergy's horrible encryption. Article: https://defuse.ca/cracking-synergy-bad-cryptography.htm Code: https://github.com/defuse/synergy-crack To fix it, they just disabled the stream cipher modes, which breaks my specific attack but doesn't fix the actual problem. I'm confident that it's still vulnerable to some type of attack. Don't use their crypto. Keep SSH tunneling. -- Taylor Hornby _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Synergy's Crypto Sucks Taylor Hornby (Apr 12)