Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

  • toofpic@lemmy.world
    link
    fedilink
    English
    arrow-up
    64
    ·
    1 year ago

    You just save the first 50 digits typed after some email is typed, and you have all the passwords you need!

    • Goodie@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      This only applies if a username is a email

      And if it is then what happens when people actually email someone? Autocorrect during login?

      • ultimate_question@lemmy.world
        link
        fedilink
        English
        arrow-up
        11
        ·
        edit-2
        1 year ago

        I don’t think they’re saying that method would yield 100% clean data but it would give you all the “necessary” data with the absolute bare minimum storage requirement. At some point people will log into their email and for most people if you have their email password you have the password they use for everything

      • WarmSoda@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        They weren’t describing a use case for every single type of situation.