Highest Voted 'xmpp' Questions - IT Security Stack Exchange

6

votes

1 answer

How do end-to-end encrypted chat services ensure that the server admin doesn't add new members to a chat?

This question is about any chat service that supports end-to-end encrypted group chats, for instance Signal, XMPP + OMEMO (closed group chats in particular), WhatsApp, and the like. How do these services ensure that a hostile server admin does not…

encryption instant-messaging xmpp

asked Dec 21 '18 at 13:27

tao_oat

312
1
2
10

4

votes

1 answer

How can I intercept XMPP traffic on Android?

I have been learning about security testing on Android apps, and to intercept traffic I was using Burp Suite. I know it works perfectly for HTTP/HTTPS traffic, but most of the messenger apps are using the XMPP protocol for their communication. I…

android proxy xmpp

asked Jan 30 '15 at 06:53

Anandu M Das

1,981
14
31
46

4

votes

2 answers

Why do we need OMEMO if XMPP is already encrypted?

I read that XMPP is encrypted. E.g. Wikipedia says: Strengths Security XMPP servers can be isolated (e.g., on a company intranet), and secure authentication (SASL) and encryption (TLS) have been built into the core XMPP specifications. OTOH, there…

encryption instant-messaging xmpp

asked Jan 31 '19 at 21:13

Ruslan

247
2
7

3

votes

1 answer

What security layers of protection are available over XMPP?

I have been working on an application running over XMPP. I would like to know which all popular security layers are available over the XMPP protocol, similar to SSL over http.

encryption tls xmpp

asked Nov 07 '14 at 10:11

Anonymous Platypus

1,392
3
18
33

3

votes

1 answer

SSL/TLS in Jabber

Just wondering: is entire traffic between me and the Jabber server I use encrypted, or only login and password? Given that the server supports encryption, and my IM client is configured to ask for encryption. If SSL/TLS encryption is used for all…

encryption tls xmpp

asked Oct 27 '13 at 20:39

MyName

31
2

3

votes

1 answer

xmpp ssl cipher negotiation

Does anyone know how ssl ciphers are nogitiated via the xmpp protocol. When I capture packets, I see: There is no hello server/client or cipher negotiation, like http. Can anyone point to…

tls protocols instant-messaging xmpp

asked Aug 29 '13 at 13:03

marcwho

834
1
10
18

2

votes

0 answers

Does an SSL certificate have to cover the server hostnames returned by an SRV lookup on the domain?

I have XMPP service running on the domain xmpp.mydomain.com. The XMPP service runs on two back-end servers, im1.mydomain.com and im2.mydomain.com. Clients find out about these servers by an SRV DNS lookup on the XMPP address: c:\> nslookup -type=SRV…

tls xmpp

asked Jul 12 '17 at 18:46

Simon Hornbeam

21
1

2

votes

0 answers

What are the security implications of using local-link XMPP on an untrusted network?

I'd like to setup XMPP local-link messaging (Bonjour) on my laptop for use at home. However, I'm concerned about ensuring this is not leaking any information when I connect to an untrusted network. When this is enabled what information can it expose…

network xmpp

asked Mar 20 '17 at 07:19

robingrindrod

123
3

1

vote

3 answers

How secure is XMPP with self-signed SSL certificates?

I'm looking for an easy way to set up a simple IM infrastructure that protects messages in transit as well as avoids having logs in places that neither I nor someone I trust controls. I'm based in Germany and according to Mr. Snowden, my traffic…

tls privacy nsa xmpp

asked Dec 16 '13 at 14:55

Stegosaurus

21
1
2

1

vote

0 answers

Does ZRTP provide useful protection, given that the SAS is not verified?

Firstly, some important backstory. I'm producing a corporate version of an IM/VOIP/Screensharing client using the Open Source Jitsi. We are going to be using a central server and have already confirmed that TLS encryption is good to go and that the…

tls man-in-the-middle voip xmpp

asked Sep 02 '13 at 10:28

Toby Pinder

11
2

1

vote

1 answer

what makes xmpp a trustworthy way to communicate with others?

An Overview of XMPP Luke Smith recommends XMPP As Luke Smith said in his video, XMPP has been designed as an open communication protocol, which is similar to the email at an extent, I am wondering why people consider it as a safe communication…

encryption xmpp

asked May 31 '21 at 03:29

user258193

1

vote

0 answers

Forward secrecy (plausible deniability) and storing messages

How do messengers, like signal or XMPP-omemo messengers, store their messages? Since the session key is only valid for the current session, how can such extensions like MAM (message archiving on XMPP server) or storing the messages encrypted on the…

encryption digital-signature instant-messaging xmpp

asked Dec 09 '19 at 14:15

user674907

11
2

1

vote

0 answers

Solution for well-encrypted group messaging, on Android inside Knox

I am looking to setup a secure messaging system to be used among friends. Ideally it would be cross-platform (Android-phones using the Knox-container, laptops, Android-tablets with Knox) and support group chats as well as the transfer of pictures.…

encryption privacy instant-messaging xmpp otr

asked Aug 09 '16 at 13:57

SpindizZzy

31
2

1

vote

0 answers

What information can be seen when I'm using SRTP via XMPP?

Just as the title goes, basically what data/information can be tracked when using SRTP via XMPP? As client I'm using Jitsi. If things works in some aspects similar to HTTPS, I guess that maybe it can be seen to what server I'm connecting for my…

encryption tls privacy voip xmpp

asked Jul 05 '16 at 04:52

Gruber

115
4

0

votes

0 answers

XMPP authentication bruteforce with hashcat

This question is about how efficient it is to bruteforce SASL authentication in the XMPP protocol. I read the XMPP SASL authentication steps (stackoverflow link in case the first one breaks), and reimplemented a script that parses a network capture…

hash hashcat xmpp

asked Dec 04 '21 at 23:20

Redouane Red

101
1

Questions tagged [xmpp]