[messaging] Viber's New End-to-End Authentication

Michael Farb mwfarb at cmu.edu
Wed Apr 20 09:54:15 PDT 2016


Does anyone know about the end to end messaging protocol used by Viber in the release they announced yesterday? I believe it’s closed source, but I’d be curious to know if they have posted the general protocol anywhere. I’ve not found anything yet. I’m curious to know if it’s based on the ratchet used for Signal or not.

https://support.viber.com/customer/portal/articles/2017401-viber-security-faq <https://support.viber.com/customer/portal/articles/2017401-viber-security-faq>

What I really like is the improved UX for authentication I’ve not seen yet. They use their own real-time channel (voice) to guide the user through the fingerprint readout. Now, real-time channels are available through many tools, but I think this is the first time I’ve seen a text messaging service do this (ZRTP in video calls and voice calls notwithstanding).

What I’d like to see next: A way to prevent accepting the fingerprint without reading it similar to SafeSlinger, with perhaps a shorter hash to confirm.

Cheers,
Mike

Michael W. Farb
Research Programmer, Carnegie Mellon University CyLab
www.cylab.cmu.edu/safeslinger <http://www.cylab.cmu.edu/safeslinger>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20160420/a9341e85/attachment.html>


More information about the Messaging mailing list