Wire Cryptography Audit (with Kudelski Security)

X41 D-Sec’s Markus Vervier and Kudelski Security’s JP Aumasson were hired to audit Wire’s cryptography core, the Proteus library. Wire is an application for mobile and desktop systems that provides end-to-end encrypted messaging, and Proteus implements a protocol combining the X3DH key agreement protocol and the double ratchet algorithm in order to provide high security guarantees to Wire’s users.

Our results are described in the following report:

• Wire Report Phase 1

We were pleased that Wire was able to rapidly fix the issues discovered, none of which were critical:

We would like to thank Wire for trusting us to perform this audit!

• Wire’s independent security review - Wire News
• Wire Cryptography Audit - Kudelski Research Blog

Timeline

• 20160920: First informal contact with Wire
• 20161123: Project kick-off
• 20170109: Report delivery to Wire
• 20170130: Final report, formatted for public release

About X41 D-Sec GmbH

X41 D-Sec GmbH is an expert provider for application security services. Having extensive industry experience and expertise in the area of information security, a strong core security team of world class security experts enables X41 to perform premium security services.

Fields of expertise in the area of application security are security centric code reviews, binary reverse engineering and vulnerability discovery. Custom research and a IT security consulting and support services are core competencies of X41.