[messaging] WhatsApp & OWS team up
mwfarb at cmu.edu
Tue Nov 18 09:11:00 PST 2014
> Cracking the usable key verification problem. This move brings WhatsApp to the same level of security as iMessage (or better, given the forward security), but WhatsApp/Facebook could still do a switcheroo on people's keys. TextSecure never really figured this out IMO - it still expects people to manually compare long strings of hex.
On this point in particular, projects like SafeSlinger attempt to reduce the complexity of hex, but the inconvenience of synchronous communication for out-of-band verification remains. Does out-of-band become worthwhile if we give unobtrusive verification nudges in our UX's to the tune of "When you can see or hear Alice, tap here to verify her for good"?
Michael W. Farb
Research Programmer, Carnegie Mellon University CyLab
M 412-965-4725 - www.cylab.cmu.edu/safeslinger
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging