Trail of Bits

SimpleX Chat

Type: Security review
Client: SimpleX
Date: 2022-10
Domain: Crypto
Effort: 1 wk
Section: Cryptography Reviews

Trail of Bits's security review of SimpleX (Oct 2022) identified 4 issues: 2 medium and 2 low.

Findings · 4

  1. X3DH does not apply HKDF to generate secrets (Medium)
  2. The pad function is incorrect for long messages (Low)
  3. The unPad function throws exception for short messages (Low)
  4. Key material resides in unpinned memory and is not cleared after its lifetime (Medium)

Findings extracted from the published report PDF. See the full report below for details and remediation.
