Apparently whatsapp is now using end-to-end encryption

You are currently reading a thread in /g/ - Technology

Thread replies: 33
Thread images: 3
[Image: file.png]
Apparently whatsapp is now using end-to-end encryption
>>
>>53914281

Daily reminder that if you aren't exchanging your public keys in person you have no idea the person you're talking to is the person you think you're talking to.
>>
>>53914302
This is why PGP is shit.
>>
>>53914302
While this is true, even if you did have an option to exchange keys in person, you're choosing to trust whatsapp implementations blindly without even being able to read the source code or build your program from it.
>>
>owned by facebook
>secure

Sure, it's secure between me, my friend, NSA, CIA, Mossad, Saudis
>>
That's as bad as Windows' BitLocker.
>>
>>53914281
Who cares? Stop shilling this shit Facebook. The data is not encrypted on the device, only during transit. Facebook can still read all text you type in. This is PR, riding the Apple FBI wave.
>>
>>53914281
I don't get it, can someone explain to me how this is supposed to work? Isn't your secret between participants shared unencrypted and only then the encrypted conversation starts? Wouldn't WhatsApp always know the needed secret to decrypt the text?
>>
You trust Signal, right? That trusted open source encryption?

Oh, yes, we use that too now! :^) :^) :^)
We're not Facebook goys :^) :^) :^) :^)
>>
>>53914344
The situation you described would still allow secure communication.

You send some public info to your friend, friend sends public info to you, and then you are able to establish a secure communication channel.

But if some party is able to intercept your public message to friend and replace it with something else (which whatsapp 100% can), then they can eavesdrop and even edit your transmitted messages.
>>
>>53914370
Why would they even need to replace it. They have the contents of the public messages -- what I mean by secret. Yes to someone having missed that crucial phase of the conversation, decrypting the conversation might be impossible; but not to WhatsApp who is always aware of the "public secret" shared between the participants at the beginning.
>>
>>53914384
I say public because it is not secret.
Public key cryptography does not require shared secrets - only shared public information.
>>
>>53914393
huh, I don't know about cryptography then to figure out how this would possibly work. I.e. share something public between the participants -- everyone can see it -- and suddenly they can talk securely while no one can listen in.
>>
Well, I wouldn't trust it for anything important but it's likely better than just fb messenger, and there's the benefit of more people already using it rather than using more "obscure" encrypted means of communication, which is good for talking to normies. At least you'd probably have to be specifically targeted in order for them to bother to use some backdoor to get the data rather than being able to hand it over on a silver platter like fb data. Maybe we'll see an apple vs fbi type situation to get a better idea of the security.
>>
>>53914335
*tips tinfoil*
>>
>>53914320
Even if you had the source and built it yourself, the compiler may insert a backdoor. Even if you built the compiler yourself, the operating system may have a backdoor. Even if you built the operating system yourself, the hardware may have a backdoor. Even if you built the hardware yourself, the machine that built all of it may have inserted a backdoor that wasn't in your schematics.
>>
>>53914302
As long as you can be reasonably sure the first time, you can store the keys
>>
[Image: diffiehellman.png]
>>53914408
It seems truly insane when you see it, but the core principle is not that difficult.

Diffie & Hellman is probably the most simple example of public key crypto.

>>53914458
While true, the thing I listed is easy for an attacker to pull off (that is, put shady stuff into your own implementation), while your examples (embed a system that will without fail detect some things and never produce false positives, and always have something shady to insert) are difficult to pull off. They are difficult to pull off even considering that magnificent example from Ken.
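
Added example, not part of the original thread: the public-value exchange described in the posts above, run once through an honest relay and once through a relay that substitutes its own public value, to show that only comparing key fingerprints over another channel exposes the substitution. The parameters `P` and `G`, the function names and the relay scenario are constructed for illustration and are not WhatsApp's or Signal's code.

```python
import hashlib
import secrets

# Demonstration parameters (assumption): real systems use a vetted 2048-bit+
# group or an elliptic curve; only the structure of the exchange matters here.
P = 2**255 - 19  # a known prime
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, their_pub):
    # Both ends derive the key from a value that never crosses the wire.
    return hashlib.sha256(pow(their_pub, my_priv, P).to_bytes(32, "big")).digest()

def fingerprint(pub_x, pub_y):
    # Order-independent digest of the two public values a user believes are
    # in play; this is what gets compared in person or over another channel.
    lo, hi = sorted((pub_x, pub_y))
    data = lo.to_bytes(32, "big") + hi.to_bytes(32, "big")
    return hashlib.sha256(data).hexdigest()[:16]

def run_exchange(substitute):
    """Alice and Bob swap public values through a relay (constructed scenario).
    If `substitute` is true the relay forwards its own public value instead."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    r_priv, r_pub = keypair()
    bob_sees = r_pub if substitute else a_pub
    alice_sees = r_pub if substitute else b_pub
    alice_key = session_key(a_priv, alice_sees)
    return {
        # True only when both ends derived the same key.
        "ends_share_key": alice_key == session_key(b_priv, bob_sees),
        # True when the relay can derive the key Alice is encrypting with.
        "relay_holds_alice_key": alice_key == session_key(r_priv, a_pub),
        # The check that catches it: each side's view of the public values.
        "fingerprints_match": fingerprint(a_pub, alice_sees) == fingerprint(bob_sees, b_pub),
    }

if __name__ == "__main__":
    print("honest relay:      ", run_exchange(substitute=False))
    print("substituting relay:", run_exchange(substitute=True))
```

With an honest relay the public values are visible in transit yet the relay cannot derive the session key; with substitution the two ends no longer share a key with each other, and the mismatch in fingerprints is the only signal either user has.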
>>
>>53914490
I have no doubt the NSA can do all of the things I listed, and my point was that trying to defend yourself when you are being specifically targeted by the NSA is futile
>>
>>53914490
Thanks man, that's really helpful -- appreciated.
>>
>>53914313
>What keysigning parties are
>What is the WoT model in the OpenPGP standard

No, your mom is shit. Truth is, nobody cares about this kind of authentication for standard mail. In some countries, if you want to interact with public offices, you need "certified mail" where the WoT "flexible" model is replaced with an authoritative "central" model and keys are handled with SmartCard readers. They didn't adopt the OpenPGP standard per se only because nobody actually gave a shit about actual identity of your counterpart for 99% of message exchanges. That's also why 99% of HTTPS is just fucking DV-validated: nobody gives a shit about that.
The one major thing that the OpenPGP didn't solve (and that marks it really obsolete today for any kind of certified mail) is: no proof of delivery.
>>
>>53914511
I do not agree to that, but I also don't want to argue about that.

In any case, there are lots of other parties I might want to be unable to see my conversations.
>>
>>53914511
>NSA solved P = NP
>>
It already has for quite some time in normal conversations. A shame there's no way to verify it to be trustworthy.

With websockets version of Signal actually becoming usable (so that those who wish can avoid Google), Signal seems to be the platform to push.
>>
>>53914533
The NSA can break 1024bit DH keys but it takes months.
512bit keys might as well not exist.

The lesson is that 2048 bit DH is actually NSA-proof, assuming there isn't some kind of software vulnerability.
>>
>>53914533
I neither said nor implied that
>>
>>53914602
I have no idea why DH still gets used. It's way more vulnerable than RSA is
>>
>>53914490
Let me add this one then
Since you're not communicating over a public channel, but sending your secrets directly to whatsapp instead, this would not even be difficult to pull off
>>
>>53914777
RSA by itself cannot be used for key agreement like DH can
>>
>indianexpress
>>
>>53914835
Kek
>>
>>53914533
You don't really need to solve P=NP to do that
>>
>>53914777
DH is used for key exchange; RSA is the encryption system. Both are needed to create an encrypted channel. ECDH adds elliptic curve cryptography, which is more secure, especially when adding forward secrecy.