[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Synergy's Crypto Sucks

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Synergy's Crypto Sucks
From: Taylor Hornby <havoc@xxxxxxxxx>
Date: Sat, 12 Apr 2014 09:44:26 -0600

Synergy is a cross-platform mouse and keyboard sharing tool.

    http://synergy-foss.org/

Last year I wrote a tool that decrypted Synergy's horrible encryption.

Article: https://defuse.ca/cracking-synergy-bad-cryptography.htm
Code:    https://github.com/defuse/synergy-crack

To fix it, they just disabled the stream cipher modes, which breaks my
specific attack but doesn't fix the actual problem. I'm confident that
it's still vulnerable to some type of attack.

Don't use their crypto. Keep SSH tunneling.

-- 
Taylor Hornby

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160
Next by Date: [FD] Adobe Reader for Android exposes insecure Javascript interfaces
Previous by thread: Re: [FD] DoS condition mt-daapd/Firefly Media Server 0.2.4.2
Next by thread: [FD] Adobe Reader for Android exposes insecure Javascript interfaces
Index(es):
- Date
- Thread