by kop316 2462 days ago
"This means the only way WhatsApp could comply with these demands is by completely altering their software with insecure cryptography."

I get what the author is trying to say, but getting technical details like this incorrect makes it difficult for me to want to keep reading these types of articles. There is no need for WhatsApp, et al. to make the crypto insecure; all it needs to do is keep a record of the keys in a centralized database. That's why having centralized communication isn't good: all you have to do is own the key handling process and you're good.

To follow the analogy in the article, the lock is fine, just 3 letter agencies have the key.


It was my understanding that the asymmetric key pair was generated locally, and only the public key was exchanged. I am unsure about whether or not this is a requirement of the Signal protocol, but Signal itself will only store the private key locally, meaning they would need to alter their software in order to store said keys in a centralized database.

You are correct. However, that doesn't make the cipher insecure.

The reason I make this distinction is because it makes other attack vectors different. If the cipher was made insecure, then the whole thing couldn't be trusted because anyone can now attack the cipher.

However, if the keys are being stored in a database, it means you can either attack and get the keys on the local device or the central database.

Those are two radically different attack venues with entirely different consequences on the encryption scheme.

Edit: Thinking about it too, it also makes the defense against it a lot different too. Say I'm in a country that only allows WhatsApp for this reason (WhatsApp allows key sharing). If I wanted to, I could crack the software and just stub out the part that sends the key (or send a dummy key as well). You still get the protections of a secure cipher, and no one else has the key now. If the cipher was weakened, then you couldn't do this.

Semantics. It doesn't matter if the protocol is 'secure' if the private keys aren't.

See my other post. It does, in fact; it means the attack vectors are completely different.
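An added example (not from any commenter) that works through the distinction argued in this thread: the X25519 key pair is generated on the device and the AES-GCM cipher never changes; the only variable is whether a client also uploads its private key to a central store. It also covers the case the edit above leaves out: if only one party stubs out the upload, the other party's escrowed key still opens the session, so both endpoints have to keep their keys local. The `escrow` type, `genKey`, `serverCanRead` and the user names are constructed for this demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)

// escrow models the centralized key database from the thread: user name -> uploaded private key (constructed for the demo).
type escrow map[string]*ecdh.PrivateKey

// genKey generates an X25519 key pair on the device. shareKey=true models the unmodified app, which
// also uploads the private key to db; a patched client passes false and keeps the key local.
func genKey(name string, shareKey bool, db escrow) *ecdh.PrivateKey {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	if shareKey {
		db[name] = priv // the "key sharing" step; stubbing this out is the defence described above
	}
	return priv
}

// aead derives AES-256-GCM from an X25519 agreement; this cipher is identical in every scenario below.
func aead(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) cipher.AEAD {
	shared, err := priv.ECDH(peer)
	if err != nil {
		panic(err)
	}
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:])
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// serverCanRead reports whether an operator holding db can decrypt a message between a and b using only
// uploaded private keys plus the public keys the server already relays: either party's key is enough.
func serverCanRead(db escrow, a, b string, pubA, pubB *ecdh.PublicKey, nonce, ct []byte) bool {
	for _, p := range []struct{ who string; peer *ecdh.PublicKey }{{a, pubB}, {b, pubA}} {
		if priv, ok := db[p.who]; ok {
			if _, err := aead(priv, p.peer).Open(nil, nonce, ct, nil); err == nil {
				return true
			}
		}
	}
	return false
}
```

Run the scenarios from a test or a `main` of your own: seal a message with `aead(alice, bob.PublicKey())` and ask `serverCanRead` with different combinations of `shareKey` on the two sides.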