by Fry-kun 3692 days ago
So many people confuse encryption with authentication... Suppose you're a whistleblower trying to contact a reporter using WhatsApp. You've never met in person, so you send a message over WhatsApp, "Hello!" The reporter replies, "Hi!" You now have a big problem -- you don't KNOW that it was the reporter who replied to you; it might've been a nefarious 3rd party who already intercepted your original message and is now replying. WhatsApp's only mechanism for checking if that's the case is comparing some numbers out-of-band (e.g. in person, with QR codes). What's even more tragic is that WhatsApp doesn't track/show which contacts you may have already authenticated... good luck remembering which of your 100 contacts are verified.

Just curious, how would you solve the authentication problem? I worked on a semester-long project building decentralized chat and found this, as well as bootstrapping to a node that you could trust, to be some of the hardest problems to solve, because it always boiled down to just trust.
As he said, first you should encourage your users to authenticate one another by out-of-band means. Then display who you truly authenticated. This can be gamified to encourage users to do it.

Now, to authenticate a user out of band you can just have a shared secret that both users need to enter. You can share that secret via another channel in the hope that it is not man-in-the-middled (or at least not by the same attacker). But then it is close to trust-on-first-use (TOFU) security: often "good enough", sometimes not (SMS).

Now if you're looking for cool ways to force the user to do it IRL, there are things like Bluetooth and NFC that would help.

There are also easier ways to do that, as ashitlerferad says, that we use for larger problems like mail and www: web of trust (WOT) and public key infrastructure (PKI).
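The TOFU-plus-out-of-band-check flow described in this comment (and the complaint in the original post that the client does not show which contacts you have verified) can be made concrete as a small identity-key pin store. This is an added example, not code from the thread or from any messenger; the 32-byte key values are constructed stand-ins for real identity public keys, and the fingerprint derivation is a simplified, assumed scheme (real safety numbers also bind both parties' identifiers), chosen only to show the states a client should track:

```python
import hashlib
from dataclasses import dataclass, field

# States a contact's pinned identity key can be in; a client should display these.
UNVERIFIED = "unverified"   # pinned on first contact (TOFU), never compared out of band
VERIFIED = "verified"       # user compared the fingerprint out of band and it matched
CHANGED = "changed"         # key differs from the pin: possible MITM or a new device


def fingerprint(identity_key: bytes) -> str:
    # Hash the long-term public key and render it as digit groups a person can
    # read aloud, print on a card, or encode in a QR code.  Simplified scheme
    # (assumption): real safety numbers mix in both parties' keys and identifiers.
    digest = hashlib.sha256(b"pin-v1" + identity_key).digest()
    digits = str(int.from_bytes(digest[:15], "big")).zfill(36)[-30:]
    return " ".join(digits[i:i + 5] for i in range(0, 30, 5))


@dataclass
class PinStore:
    pins: dict = field(default_factory=dict)   # contact -> {"fp": str, "state": str}

    def observe(self, contact: str, identity_key: bytes) -> str:
        """Called with the identity key behind every incoming session."""
        fp = fingerprint(identity_key)
        entry = self.pins.get(contact)
        if entry is None:
            # First contact: pin whatever key we saw (trust on first use).
            self.pins[contact] = {"fp": fp, "state": UNVERIFIED}
        elif entry["fp"] != fp:
            # Continuity broken.  Pin the new key so the user can verify it, but
            # never carry a "verified" mark over to it: the new key may belong
            # to an interceptor rather than to the contact's new phone.
            self.pins[contact] = {"fp": fp, "state": CHANGED}
        return self.pins[contact]["state"]

    def mark_verified(self, contact: str, out_of_band_fp: str) -> bool:
        """The actual authentication step: the user obtained the fingerprint over
        a channel the attacker is not assumed to control (in person, QR code,
        phone call) and enters it.  Only an exact match upgrades the pin."""
        entry = self.pins.get(contact)
        if entry is None or entry["fp"] != out_of_band_fp:
            return False
        entry["state"] = VERIFIED
        return True

    def status(self, contact: str) -> str:
        return self.pins.get(contact, {}).get("state", "unknown")

    def verified_contacts(self) -> list:
        # The list the original post asks for: who have I actually authenticated?
        return sorted(c for c, e in self.pins.items() if e["state"] == VERIFIED)


def demo() -> list:
    # Constructed sample keys; in practice these are X25519/Ed25519 public keys.
    reporter_key = b"\x01" * 32
    attacker_key = b"\x02" * 32
    store = PinStore()
    log = []
    log.append(store.observe("reporter", reporter_key))                      # "unverified"
    # Whistleblower reads the fingerprint printed in the reporter's column.
    log.append(store.mark_verified("reporter", fingerprint(reporter_key)))   # True
    log.append(store.observe("reporter", reporter_key))                      # "verified"
    # An interceptor now sits in the middle with its own identity key.
    log.append(store.observe("reporter", attacker_key))                      # "changed"
    # Re-verifying against the reporter's real fingerprint fails: MITM caught.
    log.append(store.mark_verified("reporter", fingerprint(reporter_key)))   # False
    log.append(store.verified_contacts())                                    # []
    return log
```

The point of the last two steps is the one the thread makes: encryption alone gives you a session with *someone*; only the out-of-band comparison tells you with whom, and the client has to remember the answer and surface a key change loudly rather than silently re-pinning.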

I'd offer up keybase.io as a workable way to solve this authentication problem. On keybase I can authenticate my identity by leveraging social media and public identity proofs across multiple services.
Out of band, very public signatures. Of course this only works for fairly known people, but the reporter example could be easily covered by that solution. Publishing signatures with every article for example.

This fails for two anonymous people... but that's "by design" of being anonymous.

> This fails for two anonymous people... but that's "by design" of being anonymous.

It's almost like a tautology: by definition, someone who is anonymous has no identity to authenticate.

There are several ways:

Central authorities: SSL, DNSSEC

TOFU: SSH, OTR etc

Web of trust: OpenPGP

Not sure, but I think Signal/WhatsApp use a combination of central authority, TOFU and in-person 2-party verification, but no web of trust.

Is there a reason the Socialist Millionaire protocol isn't included in WhatsApp by default?

It can be handy to ask questions such as "Where did we go last Friday", perhaps even allowing for users to ask multiple questions for added confidence.

[1] https://en.wikipedia.org/wiki/Socialist_millionaires
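What the Socialist Millionaire protocol actually buys you here, as an added example that is not from the thread or from any messenger's code: both parties learn whether their answers to "Where did we go last Friday?" are equal, and nothing else. An interceptor who has to relay the exchange does not know the answer, so cannot make both sides see "match". The code below follows the OTR SMP construction over the RFC 3526 1536-bit group (generator 2), but omits the zero-knowledge proofs OTR attaches to each message (assumption: honest-but-curious parties), and the way the answer is hashed together with a session context is a simplified, assumed scheme standing in for OTR's exact secret derivation:

```python
import hashlib
import secrets

# 1536-bit MODP group (RFC 3526, group 5) as used by OTR's SMP: generator G1 = 2
# generates the prime-order subgroup of size Q = (P - 1) // 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G1 = 2


def secret_to_scalar(context: bytes, answer: str) -> int:
    # Simplified derivation (assumption): both sides hash a session context (in
    # OTR: version, both fingerprints, session id) with the human answer, so the
    # compared value is bound to *this* conversation and not replayable.  Case and
    # surrounding whitespace are normalised so "Paris " and "paris" still match.
    h = hashlib.sha256(context + answer.strip().lower().encode()).digest()
    return int.from_bytes(h, "big") % Q


def rand_exp() -> int:
    return secrets.randbelow(Q - 2) + 2          # uniform in [2, Q-1]


def inv(x: int) -> int:
    return pow(x, -1, P)


class Party:
    """One side of SMP: holds its secret x and its two private exponents."""

    def __init__(self, x: int):
        self.x = x
        self.e2, self.e3 = rand_exp(), rand_exp()   # a2, a3 (Alice) / b2, b3 (Bob)
        self.r = rand_exp()                          # s (Alice) / r (Bob)

    def msg1(self):
        # g1^e2, g1^e3 (OTR also sends Schnorr proofs of knowledge of e2, e3)
        return pow(G1, self.e2, P), pow(G1, self.e3, P)

    def derive(self, peer_g2: int, peer_g3: int) -> None:
        # Shared g2 = g1^(a2*b2) blinds the secrets; shared g3 = g1^(a3*b3)
        # is what the final equality test is taken against.
        self.g2 = pow(peer_g2, self.e2, P)
        self.g3 = pow(peer_g3, self.e3, P)

    def pq(self):
        # P_i = g3^r, Q_i = g1^r * g2^x : the secret lives only in Q, masked by r
        return pow(self.g3, self.r, P), pow(G1, self.r, P) * pow(self.g2, self.x, P) % P

    def ratio(self, qa: int, qb: int) -> int:
        # R_i = (Qa / Qb)^e3, this side's half of the joint exponent a3*b3
        return pow(qa * inv(qb) % P, self.e3, P)

    def check(self, rab: int, pa: int, pb: int) -> bool:
        # (Qa/Qb)^(a3*b3) = g1^((s-r)a3b3) * g2^((x-y)a3b3) and Pa/Pb = g1^((s-r)a3b3),
        # so they are equal exactly when g2^((x-y)a3b3) == 1, i.e. x == y (mod Q).
        return rab == pa * inv(pb) % P


def run_smp(alice_answer: str, bob_answer: str, context: bytes = b"session-id") -> bool:
    """Runs the full exchange locally and returns True iff both sides see a match."""
    alice = Party(secret_to_scalar(context, alice_answer))
    bob = Party(secret_to_scalar(context, bob_answer))
    g2a, g3a = alice.msg1()                  # Alice -> Bob
    g2b, g3b = bob.msg1()                    # Bob -> Alice
    bob.derive(g2a, g3a)
    alice.derive(g2b, g3b)
    pb, qb = bob.pq()                        # Bob -> Alice: Pb, Qb
    pa, qa = alice.pq()
    ra = alice.ratio(qa, qb)                 # Alice -> Bob: Pa, Qa, Ra
    rb = bob.ratio(qa, qb)                   # Bob -> Alice: Rb
    bob_ok = bob.check(pow(ra, bob.e3, P), pa, pb)
    alice_ok = alice.check(pow(rb, alice.e3, P), pa, pb)
    return bob_ok and alice_ok
```

Two practical caveats the thread's "ask multiple questions" suggestion runs into: each run leaks one bit (match or not), so an attacker who can keep initiating SMP can brute-force a low-entropy answer one guess per run, which is why OTR clients make the user start each attempt; and without the zero-knowledge proofs omitted above, a party who deviates from the protocol can skew the comparison, so a real implementation must keep them.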

For anybody interested in this, search for "initial trust problem".