Security Analysis Reports of Chat Clients

Below is the list of vulnerability reports I have received thus far. Authors of chat clients with identified vulnerabilities are encouraged to validate the reports.

Two contributors have noted already that the chat encryption was specified such that all compatible chat clients use a deterministic encryption and hence has limited security. This answer is therefore closed and will not yield any more points, with the exception of the refinement mentioned below.

Mr. Klick (first report) noted correctly that this means none of the chat clients is CPA secure.

Mr. Schmeisky (second report) claimed that the clients do not have indistinguishable encryptions in the presence of an eavesdropper. This is partially correct and is treated as eligible for points. However, all participants are encouraged to review the report and to make his statement more precise, based on what you have learned in class.

Reporter: Klick

Reporter: Khalil

Note: The referee requested an improvement of this report's clarity.

Reporter: Schmeisky

Reporter: Wallisch-Prinz, Pöhle