
How does the WhatsApp encryption model differ from Apple's iMessage encryption model?

- In iMessage, Apple handles key distribution, so if I'm in your contacts, I know the keys for all of your Apple devices. (I'm guessing the private key stays on the device, but I'm not sure).

- iMessage seems to provide no way of verifying someone's key fingerprint.

- On the other hand, WhatsApp seems to force you and your contacts to meet at a Starbucks so you can distribute and sign each other's public keys. Interesting.

What other differences are there?

(To make this easier, let's assume that both companies implemented the system the way they claim they did.)




There's really not much of a difference, except that WhatsApp allows you to verify the fingerprint and will notify you if your chat partner's public key changes.

WhatsApp doesn't force you to meet your contacts, and there's no "signing each other's public keys" involved at all.

There are two levels of authentication or verification - with iMessage, you only get the first one:

- The first is WhatsApp telling you "Hey, this is +555 0100. Their public key is 12345. Once upon a time, I sent an SMS to that number, and the device with this key was able to read a code in that message. Looks like the owner to me. Good luck! PS: I might be lying."

- (Optional) You compare the fingerprint by meeting in person or communicating through some other secure channel. This will ensure that WhatsApp is not lying to you¹, and that you're actually encrypting messages with a key belonging to the recipient (and vice-versa).

¹ Unless your client has a backdoor, of course.


> WhatsApp seems to force you and your contacts to meet at a Starbucks so you can distribute and sign each other's public keys.

The out-of-band meeting compares a QR code or a 60-digit public key-derived number, both of which are generated by WhatsApp. There is no ad hoc in-person signing involved. From what I can determine from their whitepaper, there is no private key involvement at all. Just concatenation or hashing using the public keys.

Furthermore:

  When either user scans the other’s QR code, the keys are
  compared to ensure that what is in the QR code matches
  the Identity Key as retrieved from the server.

Note 'as retrieved from the server'. The public keys are not distributed directly from Alice to Bob but always through Mallory. You can say for certain that the public key that Mallory's app tells you that you hold for Alice is the same as the one that Mallory presents for Alice, but that's it.

That wouldn't be a problem if the subsequent communication was in a different channel, like sending an e-mail after retrieving a PGP key from a key-server; the distributing party isn't in the communication channel and can't interfere. But WhatsApp is centralised for both key distribution AND communication.
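
The comment above notes that the 60-digit number is derived from public keys only. As an added sketch (not WhatsApp's code and not part of any comment in this thread), the following Python derives such a number by iterated hashing and shows what two unmodified clients would display when the server hands each side a substituted key. The iteration count, the chunking, the key bytes and the phone numbers are assumptions constructed for the illustration.

```python
import hashlib

ITERATIONS = 5200  # assumption for this sketch, not taken from the thread


def party_digits(identity_key: bytes, identifier: bytes) -> str:
    """30 decimal digits computed from a public identity key and an identifier."""
    digest = identity_key + identifier
    for _ in range(ITERATIONS):
        digest = hashlib.sha512(digest + identity_key).digest()
    # Six 5-byte chunks of the digest, each reduced to a 5-digit group.
    return "".join(
        f"{int.from_bytes(digest[i:i + 5], 'big') % 100000:05d}"
        for i in range(0, 30, 5)
    )


def security_code(key_a: bytes, id_a: bytes, key_b: bytes, id_b: bytes) -> str:
    """60-digit code for a conversation; sorting makes it order-independent."""
    halves = sorted([party_digits(key_a, id_a), party_digits(key_b, id_b)])
    return "".join(halves)


def constructed_key(label: str) -> bytes:
    """Constructed 32-byte stand-in for a public identity key (not a real key)."""
    return hashlib.sha256(label.encode()).digest()


ALICE_ID, BOB_ID = b"+5550100", b"+5550101"  # constructed identifiers
ALICE, BOB, MALLORY = (constructed_key(n) for n in ("alice", "bob", "mallory"))


def codes_shown(bob_key_given_to_alice: bytes, alice_key_given_to_bob: bytes):
    """Codes each phone displays, given the peer key the server handed to it."""
    on_alice = security_code(ALICE, ALICE_ID, bob_key_given_to_alice, BOB_ID)
    on_bob = security_code(alice_key_given_to_bob, ALICE_ID, BOB, BOB_ID)
    return on_alice, on_bob


if __name__ == "__main__":
    honest = codes_shown(BOB, ALICE)
    swapped = codes_shown(MALLORY, MALLORY)
    print("honest server, codes match:  ", honest[0] == honest[1])
    print("substituted keys, codes match:", swapped[0] == swapped[1])
```

The mismatch only surfaces if both clients compute and display the number faithfully and the two users compare it over a channel the server does not control.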


The app automatically distributes public keys, to my knowledge, and the QR code is merely a validation mechanism to ensure that no MITM is substituting keys.

The EFF seems to think the QR code thing is the bee's knees. In practice, I would wager less than 0.1% of users will make use of that functionality. It's more of a placebo.


If there is widespread snooping, even a small percentage of users verifying their keys will expose it.


If there was widespread snooping, it would imply either WhatsApp collaboration or compromise, in which case the app could show whatever they wanted it to show (or they could just upload all of the private keys, which they may very well do in any case).

However, I was talking about QR code versus the widely known fingerprint. The EFF seems to think the QR code is just a huge improvement, but I just don't think it will see any usage at all over the fingerprint, but instead it provides the illusion of security à la "look there's this complex thing...and some people must be validating it...so I'll just trust it."



