by zentrus
4990 days ago
My main question is how are these keys generated and exchanged? Normal Diffie-Hellman is susceptible to man-in-the-middle attacks. You can eliminate this by adding public key certificates to the mix, but how would Silent Circle manage these certificates? How easy would it be to forge an encrypted text from an account? Essentially, how does the app verify that the key it is given is legit? So many questions and so little detail.

Both callers then read the two words to each other, and if they're the same, they know there couldn't have been a MITM attack. In the case where there's a MITM attack, each caller would have different key material, resulting in a different SAS. The protocol uses hash commitment and other tricks to make this really work in practice.

They haven't published the protocol for their chat app's encryption yet, but it sounds similar to OTR. While OTR has some nice tricks for verifying authenticity by using zero-knowledge proofs, it doesn't sound as if they have support for that sort of thing, and parties would have to make a call and read a SAS to each other over the phone.
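The SAS check described in the reply above, as an added Python example that is not from the original thread or from Silent Circle's code: a toy ZRTP-style exchange in which each caller derives two words from the Diffie-Hellman secret, so an honest call yields matching words while a MITM who terminates both legs leaves the callers with different key material. The group, the word list and the exponents are constructed for illustration and are assumptions, not ZRTP's real parameters.

```python
import hashlib
from typing import Dict, Optional, Tuple

# Toy Diffie-Hellman group, constructed for illustration only (not a ZRTP group).
P = (1 << 127) - 1   # the Mersenne prime 2^127 - 1
G = 3
# A 16-entry stand-in for the PGP word list ZRTP uses (assumption, not the real list).
WORDS = ["apple", "bravo", "cobra", "delta", "eagle", "fjord", "grape", "hotel",
         "igloo", "jumbo", "karma", "lemon", "mango", "noble", "ocean", "piano"]

def commit(pub: int) -> bytes:
    """Hash commitment the initiator sends before it has seen the responder's value."""
    return hashlib.sha256(b"commit" + pub.to_bytes(16, "big")).digest()

def sas_words(shared: int) -> Tuple[str, str]:
    """Two-word short authentication string derived from the DH shared secret."""
    d = hashlib.sha256(b"sas" + shared.to_bytes(16, "big")).digest()
    return WORDS[d[0] % len(WORDS)], WORDS[d[1] % len(WORDS)]

def run_call(a: int, b: int, attacker: Optional[Tuple[int, int]] = None) -> Dict:
    """Simulate one ZRTP-style exchange between Alice (initiator, exponent a) and
    Bob (responder, exponent b). `attacker` holds the two private exponents of a
    MITM who terminates both legs; None means an honest call."""
    A, B = pow(G, a, P), pow(G, b, P)
    if attacker is None:
        # Alice commits to A, Bob answers with B, Alice then reveals A.
        bob_sees_commit, bob_sees_A, alice_sees_B = commit(A), A, B
    else:
        m1, m2 = attacker
        M1, M2 = pow(G, m1, P), pow(G, m2, P)
        # Toward Bob the attacker plays initiator with M1 (and commits to it);
        # toward Alice it plays responder with M2. Each leg is a separate DH.
        bob_sees_commit, bob_sees_A, alice_sees_B = commit(M1), M1, M2
    alice_secret = pow(alice_sees_B, a, P)
    bob_secret = pow(bob_sees_A, b, P)
    # Bob checks the revealed value against the commitment. This passes even under
    # MITM (the attacker commits to its own value); what the commitment buys is that
    # the attacker cannot grind its responder value to steer Alice's SAS, because
    # Alice's value stays hidden until after the attacker has already sent M2.
    commit_ok = commit(bob_sees_A) == bob_sees_commit
    alice_sas, bob_sas = sas_words(alice_secret), sas_words(bob_secret)
    return {"commit_ok": commit_ok, "alice_sas": alice_sas, "bob_sas": bob_sas,
            "sas_match": alice_sas == bob_sas,
            "alice_secret": alice_secret, "bob_secret": bob_secret}

if __name__ == "__main__":
    print("honest:", run_call(12345, 67890))                 # sas_match is True
    print("mitm:  ", run_call(12345, 67890, (1111, 2222)))   # secrets differ on each leg
```

In the MITM run the two secrets always differ; with this toy 16-word list the two-word SAS still collides by chance about one time in 256, which is why real deployments use a much larger word list.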