Hacker News new | ask | show | jobs
by feurio 36 days ago
And how does one verify that the public key received belongs to the intended party, rather than a mitm?

If the answer is blind trust in a third party that runs the messaging service then I suspect that you can guess what the people asking those questions are really asking.
2 comments
danparsonson 36 days ago
https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exc...

If Meta are turning it off then I guess it's reasonable to assume that there is something to turn off.

link
LPisGood 36 days ago
Diffe-Hellman-Merkel key exchange is vulnerable to attacker-in-the-middle attacks.

Eave could just do key negotiation with Alice and separately do key negotiation with Bob. You have to use a slightly more complicated cryptographic protocol to avoid this issue.

link
traderj0e 36 days ago
The only way to avoid this issue is if Alice and Bob can talk out-of-band. There's no protocol that fixes this.
link
mrexcess 36 days ago
True but the out of band secure channel could just be something like DNS, automated and constantly subject to distributed monitoring for deltas.
link
tardedmeme 36 days ago
How would the keys get stored in the user's private browsing window? Do they lose all chat history when they log in on a private browsing window and then close it?
link
danparsonson 36 days ago
I don't know the technical details of that for sure, but I think the answer is that keys and chat history are stored on-device only; for example you lose your WhatsApp history if you don't restore a backup when moving to a new phone.

If a messaging app is showing you message history in a private browsing window then perhaps the encryption key for that history is derived from your password or something like that; that can be done locally so that all the server ever sees is encrypted data.

link
tardedmeme 36 days ago
If you log in to the app on one phone and then in a web browser should you still be able to see your messages in the web browser?
link
danparsonson 36 days ago
Sorry do you mean, that's how it works now, or, that's how you think it should work? Are you talking about Instagram or WA or something else?

edit: misread your message; if you have two sessions active at the same time, then yes I would expect both sessions to receive the same messages.

link
tardedmeme 36 days ago
What if you log into the app and then log out of the app and then log into the app again? Should you be able to see your messages?

E2EE is a fail-secure design. In case of any doubt it deletes your private messages. When applied to this case I don't think the downside of constantly losing all your messages outweighs the upside of Facebook pretending they don't have a copy of all of them.

link
mrexcess 36 days ago
> And how does one verify that the public key received belongs to the intended party, rather than a mitm?

Fingerprints. Again, this is like Crypto 101. Not saying that as a personal attack of any kind, I just remain incredulous that what used to be entry level knowledge in “our thing” has evidently become so obscure.

link
traderj0e 36 days ago
You shouldn't be talking down like this, you're wrong about it. Alice and Bob need to exchange keys beforehand in some trusted out-of-band way. There's no protocol that solves this if Eve can be in the middle. I'm not sure what you mean by fingerprints, but if you describe a protocol, I can describe the mitm attack.
link
mrexcess 36 days ago
You’re not sure what key fingerprints are?

Bob and Alice are setting up their e2e channel, and because they have some extra level of concern about snooping, they telephone each other and read off some form of hash of the public key to each other.

A more complex variant would be something like PGP implemented, where Bob and Alice could both sign each others keys after this exchange, ensuring that someone who hadn’t met Bob but did trust Alice could inherit trust in Bob’s Alice-signed key.

You’ve stated unequivocally that I’m wrong, so now, please show your homework.

link
nonameiguess 36 days ago
This is a very frustrating exchange. You guys are saying the same thing. For key exchange to be secure against an attacker who can MITM the channel you're securing, either the public keys or at least their respective fingerprints need to be exchanged out of band, over some channel the same attacker cannot also MITM. For a sophisticated enough targeted attack, a telephone isn't that.

The way military radios handle this is hardware key loaders that have seeds pre-synced in factory, in person. Every day in the field, a unit comms person takes the key loader and loads new keys onto everyone's radios. The key loaders themselves are reseeded and resynced during maintenance periods between campaigns or exercises. They're physically accounted for on every movement and twice a day when not moving, and if they ever can't be found, all messages from any device they loaded keys onto is considered compromised.

Anyone trying to overthrow a government or run a criminal empire or whatever is going to have to take measures at least this drastic. Or quit LARPing and accept that nation state attackers can probably slide into your Instagram DMs, which are probably being sent to people you don't know, and if they're hot and actually answering you, 90% chance they're a honeypot anyway.

link
mrexcess 36 days ago
Web of trust or centralized trust are the main answers here.

Compromise of the secret key is a whole other issue - revocation.

MITM of a key can be solved pretty well via web of trust techniques.

Apologies if the dialog is frustrating to read! As a “recovering cypherpunk”, I find these sorts of discussions animating, as long as they’re polite and technically focused! Much love!

link
traderj0e 35 days ago
If there's no concern of mitm on the telephone then yeah.
link