[messaging] Second thoughts on WhatsApp encryption

Nadim Kobeissi nadim at nadim.computer
Fri Nov 21 07:36:51 PST 2014

On Fri, Nov 21, 2014 at 10:15 AM, Joseph Bonneau <jbonneau at gmail.com> wrote:

> On Fri, Nov 21, 2014 at 10:06 AM, Nadim Kobeissi <nadim at nadim.computer>
> wrote:
>> You can actually get around the need to trust WhatsApp as a centralized
>> key directory (by implementing a simple form of key authentication (QR
>> codes, fingerprints, etc.)), but that wouldn't solve the problem. The issue
>> here is that even if key authentication is implemented, WhatsApp servers
>> still retain the capacity to selectively disable encryption on a case by
>> case basis.
> If you trust the app (verified build, etc.) then the app will tell you
> you're communicating in non-encrypted mode. If you don't trust the app,
> then the app can show you one fingerprint and encrypt with another (or not
> at all), so independent verification of key fingerprints also won't help.

Except that even a deterministic build of the app right now wouldn't show
you anything regarding encryption status!

I do get your point. But the server having so much control, in my view,
still interferes, even with deterministically-built clients, to a degree
that definitely warrants it being its own "third challenge." It means that
I can compile from source, authenticate, and still have my encryption
quietly disabled when I fly to Thailand/Saudi Arabia. This is a third
challenge that you can address with a combination of client-side checks and
UI, but it still gives servers too much power.

> I should have said "assuming a trusted app and a means of independent key
> verification" then the ability to disable encryption isn't any worse. So
> we're back to the 2 main challenges either way.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141121/24883a4a/attachment.html>

More information about the Messaging mailing list