> On 19 nov. 2014, at 11:40, Mike Hearn <[email protected]> wrote:
>
> Note that given everything was SSL protected before, and WhatsApp I believe
> does not log messages so could not provide past messages anyway (except
> perhaps if they were buffering up waiting to be delivered?) and keys can be
> changed at any time or forward security disabled entirely for certain user
> populations without them knowing .... then using the TextSecure protocol
> inside SSL doesn't actually change much immediately. I see it more as a
> useful next step, that can be built upon to achieve more impactful change in
> future.
WhatsApp doesn't use SSL for the messages, at least did not last year. They used a hand-rolled protocol based on RC4, making elementary mistakes such as using the same keystream for the client->server and server->client data.

Whether the protocol classifies as forward secret is debatable. After connecting, the server sends a message "use this key for the next login", so it does use ephemeral keys, but compromising one key does reveal every future session (as long as all have been captured).

Regards,
Thijs
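The same-keystream mistake described above, as an added example (not code from this thread): plain RC4 keyed identically for both directions lets the XOR of the two ciphertexts cancel the keystream, leaving the XOR of the plaintexts, while deriving a distinct key per direction (an assumed HMAC-based labelled derivation, not WhatsApp's protocol) removes that property. Sample messages and the session key are constructed.

```python
import hmac
import hashlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4 (KSA + PRGA), included only to illustrate the keystream-reuse defect."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, rc4_keystream(key, len(plaintext)))


# Constructed sample traffic: one message in each direction, equal length for clarity.
C2S = b"client->server: hello, here is my message"
S2C = b"server->client: ack, delivered to contact"


def shared_keystream_leak(session_key: bytes) -> bytes:
    """Flaw: both directions keyed identically, so c1 XOR c2 == p1 XOR p2 (keystream cancels)."""
    c1 = encrypt(session_key, C2S)
    c2 = encrypt(session_key, S2C)
    return xor(c1, c2)


def per_direction_keys(session_key: bytes) -> tuple:
    """Mitigation (assumed design): derive one key per direction with a labelled PRF."""
    k_c2s = hmac.new(session_key, b"client->server", hashlib.sha256).digest()
    k_s2c = hmac.new(session_key, b"server->client", hashlib.sha256).digest()
    return k_c2s, k_s2c


def separated_keystream_xor(session_key: bytes) -> bytes:
    """With distinct keys the ciphertext XOR no longer equals the plaintext XOR."""
    k_c2s, k_s2c = per_direction_keys(session_key)
    return xor(encrypt(k_c2s, C2S), encrypt(k_s2c, S2C))
```

The check a reviewer would run on any stream-cipher transport: XOR the two directions' ciphertexts and confirm the result carries no plaintext structure.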
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
