On 13 September 2014 15:13, [email protected] <[email protected]> wrote: > I can't find any Wickr UI to access a key fingerprint.
Interesting. I don't have Wickr, so I cannot look. I guess I'll put this out there: https://www.wickr.com/wp-content/uploads/2014/08/iSEC-iSR-July2014.pdf I have never handled any proprietary Wickr information, precisely because of the potential for conflict of interest. I did review this document to help the authors convey the correct information they wanted to. (I basically read it, and then said "I can't figure out if X or Y." and they would go back and edit based off what they knew.) Somehow or another, people I trust claim that they can use Wickr such that they have confidence that Wickr can't MITM them. In particular I'll excerpt: ------- While some weaknesses in this architecture revolve around a trusted central server, which could undermine the strong end-to-end encryption in some low likelihood scenarios, Wickr has recently added several features which allow users to avoid these weaknesses. In the case of long term keys, this is provided if they opt-in to use the ``Advanced Key Verification'' feature. 1. The Wickr client utilizes Trust on First Use (TOFU) for initial communication with peers, and allow users to examine this long term key associated with their identity. Peers can then verify this key via video, SMS or email when using the ``Advanced Key Verification'' mode. When long term keys are changed, the new keys must be validated. The ``Advanced Key Verification'' was code reviewed during the July retest. ------- If you cannot find this feature, that's very interesting. -tom _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
