pwn.recipes

delicious pwnage

Pitfalls of rolling your own E2EE protocol

Or: An example of a great vendor response

An analysis of an e2ee chat app that used a non-cryptographically secure RNG and offered no way to verify keys.