Comment by dongcarl

Comment by dongcarl 2 days ago

0 replies

View on Hacker News

(Carl from Obscura here)

> Does Mullvad have the budget and expertise to protect itself against determined, highly-resourced attackers?

I think Mullvad is actively working on [System Transparency](https://www.system-transparency.org/), which will help a lot.

> Finally, is it possible for a third party, intercepting traffic between Obscura and Mullvad, to identify the public key used to encrypt it? I don't think so - the only way to validate a signature is with both keys; that's kind of the point. But maybe there is an attack I'm unaware of?

I had asked this question a long time ago on either a noiseprotocol or wireguard IRC channel, and the answer is no, a third party intercepting traffic between Obscura and Mullvad, WON'T be able to identify the public key used to encrypt it.