Do you want the govt. to be able to read your WhatsApp messages, at their whim? Currently the platform's E2EE protection based on the Signal protocol ensures that our message content, with loved ones, family, friends and work, remains secret. (Facebook shares metadata though).
The Indian govt. (along with US, UK, and Aus) wants law enforcement access to our sacred chats. Do you think this is alright?
#WhatsApp
#E2EE
#Surveillance
#Privacy
#FoE
E2EE encryption means nothing when FB has the master key to crack the hashing algorithm.
Let a decentralised service host our messaging, let them use a custom hashing algorithm to encrypt messages. If govt wants to snoop, let it get a court order and only then allow the messages to be snooped by using the master key to decrypt messages.
@freemo -- what do you think? Am I talking out of my ass? Tech is possible, no? And allows for surveillance when there is a security risk.
BTW side note, SHA is a hashing algorithm and not a public-private key encryption. Messages sent, encrypted, between two points, would not be able to use SHA or any other hashing algorithm to accomplish that. It would need a symmetric or asymmetric key algorithm like RSA, DSA, AES, or similar.
I was only giving an example.
I said SHA as I was referring to the fact that 'brute force needed to crack an encryption algorithm' is the chief determiner of its security.
I had read about a loophole in SHA. (prolly a bedroom conspiracy theory). It said that there exists an alternate way to solve the curve equation and use much less computing power.
If any company that devises its own encryption system (does FB do that? I don't know), could they build a master key into it? - I had assumed they could.
But I realise now that they wouldn't do it, as it would turn into a security risk for FB itself.
Alternative, more efficient algorithms are what I mentioned when I was talking about back doors. They are possible. But they aren't some master key. If it's a big enough issue then it could make it trivial to hack all encryption. But in reality when we find such loopholes they are usually special cases: certain encryption under very special conditions is hackable while the vast majority of stuff encrypted remains secured.
Like I said, the only reason it's unlikely is because the NSA themselves encrypt using SHA, which they likely wouldn't do if they knew there was an exploit in the algo.
@freemo
I have made the following corrections to my profile.
Any more shame and I shall be forced to commit seppuku.
Found it!!
https://www.youtube.com/watch?v=nybVFJVXbww
It's actually, exactly what you said.
And also not sure if it has anything to do with SHA.
@Full_marx
The only constants I can think of are known by everyone and used by everyone to generate SHA keys.
While in theory it's possible the NSA could have a SHA backdoor, it wouldn't be some magickal constant number, but rather an algorithmic weakness or computational superiority (such as a quantum computer sufficiently advanced).
While it's possible they have a backdoor, it is very unlikely. They themselves encrypt data in SHA and if they knew there was a backdoor, even if they thought they were the only one who had it, they wouldn't be encrypting in SHA.
So I'd say the fact that they use SHA to encrypt is a good indication it is probably secure. I'd be more concerned with them having a QC really, but if that's your concern you can use an appropriate QC resistant algo.
@Shawshank