by MereKatMoves 3539 days ago
Did FB/WA clarify that they use the OW audio encryption algos, or did they just put the OW 'trophy' on the wall without the actual implementation?

WhatsApp is, I agree, very good quality for what it is, but I would never trust it or FB with anything but social/personal calls. Social Media platforms are for other people to hand over their lives to. Let them subsidize my detachment from their usage, and I thank them for it. I'm sure there will come a day where you can't use WA without a FB account, at which point it is dead to me and my social contacts will be the first to know about it via WA.

1 comments

Looking at WhatsApp's security whitepaper:

"WhatsApp calls are also end-to-end encrypted. When a WhatsApp user initiates a call:
1. The initiator builds an encrypted session with the recipient (as outlined in Section Initiating Session Setup), if one does not already exist.
2. The initiator generates a random 32-byte SRTP master secret.
3. The initiator transmits an encrypted message to the recipient that signals an incoming call, and contains the SRTP master secret.
4. If the responder answers the call, a SRTP encrypted call ensues."

From Wikipedia:

"Signal voice calls are encrypted with SRTP and the ZRTP key-agreement protocol, which was developed by Phil Zimmermann.[1][57]"

So from where I'm reading they seem to be doing more or less the same thing when it comes to encrypting voice calls.

https://www.whatsapp.com/security/WhatsApp-Security-Whitepap...
https://en.wikipedia.org/wiki/Signal_(software)

SRTP and ZRTP are only for negotiating what to use. You can still use different codecs. I'd guess Wire, WA and SC use Opus (since it is by far the best), while Signal is still using Speex.

ZRTP makes negotiation possible, so a roll-out of Opus should be possible without breaking older clients.

Unless this is some non-standard variant, ZRTP only negotiates a key exchange for use when encrypting the audio packets (the 'S' in 'SRTP'). Neither of those protocols has anything to do with codec selection, which is done via an SDP sent over SIP, or some other signaling protocol.

Sorry. I should just shut up about things I don't know much about. I thought the RTP part did negotiation, since they specify a "payload type" field and remembered the ZRTP config in Jitsi where you can specify codecs, and jumped to conclusions.

The payload type field ends up just letting you do stuff like send RTP events (like DTMF tones) over RTP by sending a different payload type that the other end can interpret in a different way than as being part of your main audio stream. Either way tho, all the payload types that you should expect to see over the channel should be negotiated beforehand, using another protocol.

But no worries... there are a ton of moving parts in these protocols, and even though I've been working with them for a while, I still tend to forget details here and there, too.
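
Added example (not part of the thread and not any participant's code): a Python sketch of the split the comments above describe, where SDP carried by the signaling channel defines which payload types exist and the 7-bit payload type field in the RTP header only selects among them. The SDP text and packets are constructed sample input and the function names are hypothetical; under SRTP this header stays in cleartext while the payload is encrypted.

```python
import struct

# Constructed SDP audio section (sample input, not captured traffic).
SDP = """\
m=audio 49170 RTP/SAVP 111 101
a=rtpmap:111 opus/48000/2
a=rtpmap:101 telephone-event/8000
"""

def negotiated_payload_types(sdp):
    """Map payload type number -> encoding name from m=audio and a=rtpmap lines."""
    offered, names = [], {}
    for line in sdp.splitlines():
        if line.startswith("m=audio "):
            # m=audio <port> <proto> <pt> <pt> ...
            offered = [int(pt) for pt in line.split()[3:]]
        elif line.startswith("a=rtpmap:"):
            pt, encoding = line[len("a=rtpmap:"):].split(" ", 1)
            names[int(pt)] = encoding.split("/")[0]
    # Types offered without an rtpmap line are statically assigned ones.
    return {pt: names.get(pt, "static") for pt in offered}

def parse_rtp_header(packet):
    """Decode the fixed 12-byte RTP header (RFC 3550)."""
    if len(packet) < 12:
        raise ValueError("short RTP packet")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    return {"marker": b1 >> 7, "payload_type": b1 & 0x7F,
            "seq": seq, "timestamp": ts, "ssrc": ssrc}

def classify(packet, table):
    """Return the negotiated encoding name, or None if the PT was never negotiated."""
    return table.get(parse_rtp_header(packet)["payload_type"])

def make_packet(pt, seq, payload=b"\x00" * 4):
    """Build a constructed RTP packet for the demo (version 2, no CSRCs)."""
    return struct.pack("!BBHII", 0x80, pt, seq, 160 * seq, 0x1234ABCD) + payload

if __name__ == "__main__":
    table = negotiated_payload_types(SDP)
    for pt in (111, 101, 96):  # audio, DTMF events, and a type never negotiated
        print(pt, classify(make_packet(pt, 1), table))
```
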

Forgive me for being a layman in these matters.

Are you saying "maybe/maybe not"?

If they seem to be doing something that is "more or less" the same then my radar is triggered for them not actually declaring they are delivering totally encrypted (i.e. no backdoor tomfoolery) voice calls.

Over the past year, we've been progressively rolling out Signal Protocol support for all WhatsApp communication across all WhatsApp clients. This includes chats, group chats, attachments, voice notes, and voice calls across Android, iPhone, Windows Phone, Nokia S40, Nokia S60, Blackberry, and BB10.

https://www.whispersystems.org/blog/whatsapp-complete/