|
|
|
|
|
|
by kop316
2459 days ago
|
|
|
You are correct. However, that doesn't make the cipher insecure. The reason I make this distinction is because it makes other attack vectors different. If the cipher was made insecure, then the whole thing couldn't be trusted because anyone can now attack the cipher. However, if the keys are being stored in a database, it means that the cipher it means you can either attack and get the keys on the local device or the center database. Those are two radically different attack venues with entirely different consequences on the encryption scheme. Edit: Thinking about it too, it also makes the defense against it a lot different too. Say I'm in a country that only allows WhatsApp for this reason (WhatsApp allows key sharing). If I wanted to, I could crack the software and just stub out the part that sends the key (or send a dummy key as well). You still get the protections of a secure cipher, and no one else has the key now. If the cipher was weakened, then you couldn't do this. |
|
|