Kudelski Security’s JP Aumasson and X41 D-Sec‘s Markus Vervier were hired to audit Wire‘s cryptography core, the Proteus library. Wire is an application for mobile and desktop systems that provides end-to-end encrypted messaging, and Proteus implements a protocol combining the X3DH key agreement protocol and the double ratchet algorithm in order to provide high security guarantees to Wire’s users.

Our results are described in the following report. We were pleased that Wire was able to rapidly fix the issues discovered, none of which were critical.

The timeline of this project was as follows:

  • 20160920: First informal contact with Wire
  • 20161123: Project kick-off
  • 20170109: Report delivery to Wire
  • 20170208: Final report, formatted for public release

We would like to thank Wire for trusting us to perform this audit.

(See also Wire’s post.)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s