[messaging] Second thoughts on WhatsApp encryption

Nadim Kobeissi nadim at nadim.computer
Fri Nov 21 06:13:45 PST 2014


When WhatsApp first started rolling out Axolotl, the two main points
needing improvement (that Mike Hearn elaborated on) were key authentication
and deterministic builds. I think I've now determined a third and more
severe issue with the current deployment:

WhatsApp's servers are currently checking every client (via version
numbers) for whether they have Axolotl compatibility or not. If both
clients participating in a conversation support Axolotl, then the *server
itself* must then sanction an Axolotl chat and say "yes, it's okay for this
conversation to be encrypted." If at least one of the clients is running a
non-Axolotl WhatsApp, the server would disallow encryption for that
conversation.

This means that all chats happening on WhatsApp need to obtain an
"Encryption Stamp of Approval" from the WhatsApp server first, before
encryption is enabled for chat participants. This is bad: even if two users
have Axolotl-enabled clients, the WhatsApp server can choose to simply
withhold go-ahead for enabling encryption (or it can give it and then
silently take it away when WhatsApp gets a court order), and users would
not be aware that their encryption had been disabled.

To me this is kind of a deal-breaker. If WhatsApp's servers and executives
can decide to revoke my "encryption permit" at any time, silently,
server-side and without me knowing, what's the point, at all, of having
Axolotl in the first place? Are we hoping that WhatsApp will play nice even
when faced with a court order?

I wonder if WhatsApp can remove this server control of who gets encrypted
chats and who doesn't without having to make sure that all of its clients
exclusively use Axolotl. That might legitimately never happen for two
reasons:

1. WhatsApp clients for older phones where any resource (from CPU to
bandwidth) comes at a premium (old Nokia phones that are popular in India).
Upgrading those clients to Axolotl might be challenging.

2. Going full Axolotl means having to adopt much more complex strategies
for managing user and message history, due to the protocol's very strong
forward/future secrecy guarantees. How will WhatsApp manage that across
devices if Axolotl is the only option? How desirable to WhatsApp is
usability and efficiency in that field of their application, vis-à-vis
encryption?

I'd be interested in hearing thoughts on this.

Regards,
NK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141121/110437e4/attachment.html>


More information about the Messaging mailing list