by gsbabil 4188 days ago
If WhatsApp integrated everything they had in the `Axolotl` [0] protocol specification, this wouldn't be the case. If WhatsApp attempted to MITM, they would have to know someone's private key (or break the crypto), which never leaves the phone, hence the E2E property.

[0] https://github.com/trevp/axolotl/wiki

2 comments

It's always possible to MITM if you can't verify the signatures. No matter what they implement, the server can just relay messages back and forth.
You don't need to find someone else's private key. Just create your own private key and convince people to send stuff to it.
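
The point made in the replies above, as an added example that is not part of the thread: private keys never leave either phone, yet a key server that hands out its own public key ends up sharing the sender's secret, and comparing fingerprints out of band is the check that detects it. The `KeyServer` class, the user names and the toy Diffie-Hellman group are assumptions made for illustration; this is not the Axolotl protocol or WhatsApp code.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, chosen only to keep the example stdlib-only.
# It is an assumption for illustration; real apps use X25519 or similar.
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    """Short digest of a public key that two users can compare out of band."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:16]

class KeyServer:
    """Hypothetical key directory. With substitute=True it answers every
    lookup with its own public key instead of the registered one."""
    def __init__(self, substitute=False):
        self.directory = {}
        self.substitute = substitute
        self.own_priv, self.own_pub = keypair()

    def publish(self, user, pub):
        self.directory[user] = pub

    def lookup(self, user):
        return self.own_pub if self.substitute else self.directory[user]

def session(substitute):
    """Run one key exchange through the server and report who shares what."""
    server = KeyServer(substitute)
    a_priv, a_pub = keypair()   # generated on Alice's phone, never sent
    b_priv, b_pub = keypair()   # generated on Bob's phone, never sent
    server.publish("alice", a_pub)
    server.publish("bob", b_pub)
    # Alice derives her secret from whatever key the server says is Bob's.
    alice_secret = pow(server.lookup("bob"), a_priv, P)
    bob_secret = pow(a_pub, b_priv, P)
    server_secret = pow(a_pub, server.own_priv, P)
    return {
        "alice_bob_agree": alice_secret == bob_secret,
        "server_shares_alice_secret": alice_secret == server_secret,
        # The check: the key the server served vs. the key shown on Bob's device.
        "fingerprint_check_passes": fingerprint(server.lookup("bob")) == fingerprint(b_pub),
    }
```
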