
Couldn't group chats be encrypted with a shared key that is provided to the new user by whoever invites them to the chat? The messages would still be encrypted and decrypted only at the ends.



In all honesty if you keep the key on a server you might as well not encrypt the messages to begin with (except in transmission ofc, but hey, https).

Storing the key right next to the encrypted messages makes it no more secure than ROT13'ing the messages.


The key doesn't have to be shared with the server.


Ah yes, good point.


What about removing a user from chat? What if the shared key is leaked? How do you deliver the key to the new user? Who provisions new keys if a shared key is leaked? There are a variety of problems (all solvable/already solved, yes) with the shared secret strategy, and addressing them costs money and time.


So? There does not need to be a way to get rich quick. I don't see a problem with forcing chat providers to include proper end to end encryption as a matter of consumer protection. Because we all know that otherwise, security will not be part of the minimum viable product, and the consumer can't tell the difference.

(Obviously, the state of the art answer to your technical questions is the double ratchet algorithm.)
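The shared-key scheme proposed at the top of the thread, together with the invite and removal questions raised in reply, as an added example that is not part of any comment. It is a plain rekey-on-removal sketch in Node.js, not the double ratchet; it assumes members have verified each other's public keys out of band, and all function names and message shapes are hypothetical.

```javascript
// Added example; member names, message shapes and the HKDF label are assumptions.
const nc = require('node:crypto');

// Each member holds an X25519 key pair; only the public half ever leaves the device.
const newMember = (name) => ({ name, ...nc.generateKeyPairSync('x25519') });

// Pairwise wrapping key: ECDH between two members, stretched with HKDF.
function wrapKey(myPriv, theirPub) {
  const shared = nc.diffieHellman({ privateKey: myPriv, publicKey: theirPub });
  return Buffer.from(nc.hkdfSync('sha256', shared, Buffer.alloc(0), 'group-key-wrap', 32));
}

function seal(key, plaintext) {
  const iv = nc.randomBytes(12);
  const c = nc.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function unseal(key, { iv, ct, tag }) {
  const d = nc.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // final() throws on a wrong key
}

// Inviter to invitee: the group key, sealed so the relaying server only sees ciphertext.
const invite = (inviter, invitee, groupKey) =>
  ({ from: inviter.publicKey, box: seal(wrapKey(inviter.privateKey, invitee.publicKey), groupKey) });
const acceptInvite = (me, inv) => unseal(wrapKey(me.privateKey, inv.from), inv.box);

// Removal: pick a fresh key and wrap it only to the members who remain.
function rekey(sender, remaining) {
  const groupKey = nc.randomBytes(32);
  return { groupKey, invites: remaining.map((m) => invite(sender, m, groupKey)) };
}

function demo() {
  const [alice, bob, carol] = ['alice', 'bob', 'carol'].map(newMember);
  const k1 = nc.randomBytes(32);
  const bobKey = acceptInvite(bob, invite(alice, bob, k1));
  const carolKey = acceptInvite(carol, invite(bob, carol, bobKey)); // any member can invite
  const m1 = seal(k1, Buffer.from('hello group'));
  const { groupKey: k2, invites } = rekey(alice, [bob]); // carol removed
  const m2 = seal(k2, Buffer.from('carol is gone'));
  let carolReadsNew = true;
  try { unseal(carolKey, m2); } catch { carolReadsNew = false; }
  return { old: unseal(carolKey, m1).toString(), carolReadsNew,
           fresh: unseal(acceptInvite(bob, invites[0]), m2).toString() };
}
```

The removed member keeps the old key, so everything sent before the rekey stays readable to them; this sketch also gives no forward secrecy if a current key leaks.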



