Hacker News

> Against what, though? The key that Whatsapp asserts is valid for the other user?

No, against the other person sitting at the table with you via QR code scanning.

Or their voice speaking the public key via another channel.

> just what the app presents as a signature or QR code. Open to correction.

What's wrong with the QR code? That QR code is a hash of the public key and exactly what you need for this identity verification purpose.

If the pubkey changes after you've scanned it, you know you've got to verify that person again before sharing anything private over that channel.
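What the scan-and-compare step described above amounts to, as an added example (not code from this thread, from WhatsApp or from Signal): a fingerprint pinned when you scan the other person's code at the table, then checked against whatever key the app presents for them later. The fingerprint scheme (SHA-256 of an Ed25519 identity key, shown as hex or as spoken digit groups), the type and function names, and the generated sample keys are assumptions for illustration; it uses only Go's standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Fingerprint is the value a verification QR code would carry under the
// assumed scheme: SHA-256 of the raw identity public key, as hex. Real apps
// encode this differently; the hash-of-pubkey idea is what matters.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// SpokenForm renders the same hash as six groups of five decimal digits so two
// people can read it to each other over a phone call. Simplified encoding
// (each 5-byte slice of the hash, big-endian, reduced mod 100000), not the
// exact numeric format any particular app uses.
func SpokenForm(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	groups := make([]string, 0, 6)
	for i := 0; i+5 <= len(sum); i += 5 {
		var n uint64
		for _, b := range sum[i : i+5] {
			n = n<<8 | uint64(b)
		}
		groups = append(groups, fmt.Sprintf("%05d", n%100000))
	}
	return strings.Join(groups, " ")
}

// Pinned is what you record when you scan a contact's code in person.
type Pinned struct {
	Name        string
	Fingerprint string
}

// CheckKey compares the key the app presents for a contact now against the
// fingerprint captured in person. A mismatch means the key changed (reinstall,
// new phone, or an interposed key) and the contact must be re-verified before
// anything private goes over the channel.
func CheckKey(p Pinned, presented ed25519.PublicKey) (ok bool, reason string) {
	if Fingerprint(presented) == p.Fingerprint {
		return true, "matches the fingerprint scanned in person"
	}
	return false, "key for " + p.Name + " changed since in-person verification; re-verify"
}

// newPub generates a stand-in identity public key (constructed test data).
func newPub() ed25519.PublicKey {
	pub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub
}

func main() {
	bobAtTable := newPub()                                            // key scanned from Bob's phone
	pin := Pinned{Name: "Bob", Fingerprint: Fingerprint(bobAtTable)} // stored on Alice's phone
	fmt.Println("spoken form:", SpokenForm(bobAtTable))

	ok, why := CheckKey(pin, bobAtTable) // same key presented later: fine
	fmt.Println(ok, why)

	bobReplaced := newPub() // key the app presents after Bob's key changed
	ok, why = CheckKey(pin, bobReplaced)
	fmt.Println(ok, why)
}
```

The pinned fingerprint is only as good as the channel it came from: a scan at the table or digits read aloud by a voice you recognise, never a value the app itself shows you for the other party.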




> What's wrong with the QR code? That QR code is a hash of the public key

I have no way to verify that.

If WhatsApp is trustworthy and secure, then the QR code might be a hash of the public key, but to be completely frank, it could be anything.

* I don't have the source code.

* Nobody I know has the source code.

* Nobody I know has bothered to jailbreak their device and/or decompile the binary. I just got an update recently, and my friends are busy.

If I had access to my own public and private key, I (or someone I know) could conceivably verify that I'm using it by decrypting my messages using another device (e.g. using wireshark).

I appreciate that you might have the source code, or know someone with the source code, or might have reverse engineered the most recent update and have more confidence than I do, but you cannot transmit that confidence to me by simply insisting that it is the hash of the public key.


The source code for generating the QR code is online here: https://github.com/WhisperSystems/libsignal-protocol-java/bl...


How do I know that is what is on my device?


thanks moxie.


> If WhatsApp is trustworthy and secure, then the QR code might be a hash of the public key, but to be completely frank, it could be anything.

The problem being solved here is validating that another Whatsapp user's key belongs to a flesh-and-blood person you know. We're taking it on faith at this point that Whatsapp's application is trustworthy. If it's not, validating keys is useless -- the app could upload all your chat transcripts in the background for all we know.


> If [WhatsApp's application isn't trustworthy], validating keys is useless

No.

This is completely and totally wrong.

This isn't a court of law on US television: You aren't trustworthy until proven otherwise.


I'm all for validating software. But it's difficult and we're exceedingly bad at it, and imo this problem is orthogonal to validating other users on social networks.

If your argument is "let's not trust Whatsapp", then it helps not to confuse it with discussion about QR codes.


> it's difficult and we're exceedingly bad at it

We're bad at it, because we can't tell the difference between a "QR code is a hash of the public key", and a "QR code is something WhatsApp tells us represents this other person."

Why not just use pictures of puppies? Pick the puppy you've seen represent this person before, and be suspicious if the puppy's changed! Try talking to them in person about the puppy icon used for them and make sure they match! That is actually more secure than the QR code, even if it still doesn't protect you from WhatsApp.

The reason we're talking about QR codes is because they seem more secure than puppies; to make someone think that this QR code is actually a security measure! While this attack may be "foiled" by E2E cryptosystems, it's important to note the big fucking trapdoor that means WhatsApp isn't actually providing E2E protection.

Conflating this simple fact with the overarching boogeyman of "validating software" does the discussion a disservice.


What else would you validate? A number? Whatsapp can just show you the wrong number.


> What else would you validate? A number? Whatsapp can just show you the wrong number.

Good. You appear to understand the problem now.

I already alluded to the solution here:

> If I had access to my own public and private key, I (or someone I know) could conceivably verify that I'm using it by decrypting my messages using another device (e.g. using wireshark).

and here:

> That's why providing the keys (or better: being able to supply my own) is essential.

See, if I have the keypair, then for WhatsApp to subvert my conversation it needs to send the private key to itself -- something it can only do when it's not looking.

This means it would need to let me download the keys before it does any networking. If it absolutely must network before letting me have the keys, then it can allow me to install my own (new) keys. Then, WhatsApp doesn't know when I'm not looking.

If WhatsApp made it possible to catch them being dishonest, then it only takes one person to catch them and their name becomes mud.

Of course, the mere possibility that moxie could be compromised or even make a mistake is clearly too big a leap for HN these days...


> See, if I have the keypair, then for WhatsApp to subvert my conversation it needs to send the private key to itself -- something it can only do when it's not looking.

> This means it would need to let me download the keys before it does any networking. If it absolutely must network before letting me have the keys, then it can allow me to install my own (new) keys. Then, WhatsApp doesn't know when I'm not looking.

Look up signed Diffie-Hellman. Have fun trying to capture that with Wireshark. You'd need a custom MITM tool. That or you're suggesting the developer gives up forward secrecy and passive attack resistance.
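The signed Diffie-Hellman exchange the comment points to, as an added example (not code from this thread, from WhatsApp or from Signal): each side sends a one-time X25519 public key signed with its long-term Ed25519 identity key, the receiver checks that signature against the identity key it pinned by QR code, and the ephemeral secret is thrown away after the session key is derived. The handshake shape, the stand-in KDF, the party names and the generated keys are assumptions for illustration; it uses only Go's standard library. It shows three things the comment relies on: what a capture actually contains, that every session gets a fresh key, and that swapping in a key only works for someone holding the peer's private identity key.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Identity is the long-term signing keypair the thread argues about exposing.
type Identity struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewIdentity() Identity {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Identity{Pub: pub, priv: priv}
}

// Hello is all a packet capture sees of one side: ephemeral pubkey plus signature.
type Hello struct {
	Ephemeral []byte
	Sig       []byte
}

type Party struct {
	id  Identity
	eph *ecdh.PrivateKey
}

// SendHello generates a one-time X25519 key and signs its public half.
func (p *Party) SendHello() Hello {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	p.eph = k
	pub := k.PublicKey().Bytes()
	return Hello{Ephemeral: pub, Sig: ed25519.Sign(p.id.priv, pub)}
}

// Receive verifies the peer's signature under the pinned identity key, derives
// the session key and discards the ephemeral secret. That secret never crossed
// the wire, so neither the capture nor a later identity-key leak reveals the key.
func (p *Party) Receive(peerID ed25519.PublicKey, h Hello) ([]byte, error) {
	if !ed25519.Verify(peerID, h.Ephemeral, h.Sig) {
		return nil, errors.New("ephemeral key not signed by the pinned identity: interposed key")
	}
	peerEph, err := ecdh.X25519().NewPublicKey(h.Ephemeral)
	if err != nil {
		return nil, err
	}
	shared, err := p.eph.ECDH(peerEph)
	if err != nil {
		return nil, err
	}
	p.eph = nil
	key := sha256.Sum256(shared) // stand-in KDF for illustration
	return key[:], nil
}

// RunSession runs one handshake between two honest parties and returns both
// derived keys plus the transcript a passive observer would capture.
func RunSession(a, b Identity) (keyA, keyB []byte, transcript []Hello, err error) {
	pa, pb := &Party{id: a}, &Party{id: b}
	ha, hb := pa.SendHello(), pb.SendHello()
	if keyA, err = pa.Receive(b.Pub, hb); err != nil {
		return nil, nil, nil, err
	}
	if keyB, err = pb.Receive(a.Pub, ha); err != nil {
		return nil, nil, nil, err
	}
	return keyA, keyB, []Hello{ha, hb}, nil
}

// Interpose: Mallory swaps in her own ephemeral key, signed with signWith. Alice
// pinned Bob's identity key, so it passes only if signWith is Bob's. nil = success.
func Interpose(alice, bob, signWith Identity) error {
	a := &Party{id: alice}
	a.SendHello()
	mallory := &Party{id: signWith}
	_, err := a.Receive(bob.Pub, mallory.SendHello())
	return err
}

func main() {
	alice, bob, mallory := NewIdentity(), NewIdentity(), NewIdentity()
	k1, k2, _, err := RunSession(alice, bob)
	fmt.Println("keys agree:", err == nil && string(k1) == string(k2))
	fmt.Println("stranger interposes:", Interpose(alice, bob, mallory), "| holder of Bob's key:", Interpose(alice, bob, bob))
}
```

The transcript holds two 32-byte public values and two 64-byte signatures and nothing that recomputes the shared secret, which is why a capture alone is useless. The interposition that does work is the one signed with Bob's private identity key, so a tool that reads the identity key out of the app is exactly the asset an active attacker needs, and a separate ephemeral key is consumed per session, so even that key recovers nothing already exchanged.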


> If WhatsApp is trustworthy and secure, then the QR code might be a hash of the public key, but to be completely frank, it could be anything.

Sure, but we're talking about this specific attack's effect on WhatsApp, if you want to debate the relative merits of open source vs closed source End-To-End encryption tools, you may have a point, but it's not one that's relevant here as it has nothing to do with this attack. Unless the attack can be used to update the app or something with a modified malicious version.

Say it were Signal instead of WhatsApp if you must. Is there any effect made by this attack?


> Say it were Signal instead of WhatsApp if you must. Is there any effect made by this attack?

This is what's known as a false dichotomy.

Both systems are as implemented not secure from this attack for the reason I just said.


Source code is pretty useless when it is running on a proprietary platform on a device with a secondary chip running a buggy proprietary OS that has an always-on high-speed wireless network connection.

If you are using a mobile phone you have already lost in the security stakes.


That's why providing the keys (or better: being able to supply my own) is essential.


You can do that if you really want, it takes about 10s of reverse engineering work to read or swap the keys. Won't do you any good though unless you constantly MITM yourself.


How exactly do I download my keys from WhatsApp?



