Kudelski Security’s JP Aumasson and X41 D-Sec‘s Markus Vervier were hired to audit Wire‘s cryptography core, the Proteus library. Wire is an application for mobile and desktop systems that provides end-to-end encrypted messaging, and Proteus implements a protocol combining the X3DH key agreement protocol and the double ratchet algorithm in order to provide high security guarantees to Wire’s users.
Our results are described in the following report. We were pleased that Wire was able to rapidly fix the issues discovered, none of which were critical.
The timeline of this project was as follows:
- 20160920: First informal contact with Wire
- 20161123: Project kick-off
- 20170109: Report delivery to Wire
- 20170208: Final report, formatted for public release
We would like to thank Wire for trusting us to perform this audit.
(See also Wire’s post.)