The Fraunhofer Institute for Secure Information Technology SIT has launched recently the project people into life encryption to protect as many citizens with encryption before mass surveillance. But WhatsApp is faster: One billion people suddenly use end-to-end encryption, and most do not even notice. Three years ago, shortly before the Snowden revelations, that would have been unthinkable. Today we must WhatsApp, which has struck several times in the past by rough security weaknesses, congratulations to the first true people encryption – and immediately connect the question: Is that enough?
For if the purloined from Snowden intelligence documents have illustrated something this: The digital communication infrastructure is infiltrated on many levels and can be infiltrated and who wants to communicate without third party content and can learn addressee must operate an enormous effort
. <- tile: 7 desktop adctrl ->
for several months also is increasingly clear that governments around the world to the Snowden revelations are only moderately enthusiastic about the reactions of the technology sector and think aloud about countermeasures. The increasing use of encryption in apps and other software, data transport, data center and hardware as well as the search for legal ways to make customer information for governments untouchable, has a debate over the question raised whether there should be perfect data security.
Against this background, one must consider the introduction of end-to-end encryption in WhatsApp.
What’s end-to-end encryption at all?
End-to-end, short e2e means only stations and receiver can decipher the contents of a message. Because only they have the key to decrypt. Third, the intercept a message that can recognize who is talking to whom in principle. In the case of encrypted e-mails about the addresses of the sender and recipient remain recognizable. A key for decrypting the content, but takes an observer to guess or calculate. Modern cryptographic systems are designed so that it is virtually impossible or would take decades or longer.
If you want to know more about e2e and the underlying principle of asymmetric encryption, click here.
How does that look in WhatsApp?
Users of the current WhatsApp version communicate with each other now e2e, in single and group chats, in the transmission of images, videos, voice messages and files as well as in WhatsApp conversations. You have to do is, the structure of the encrypted connection and the necessary key exchange take place completely in the background. Users can, however, detect if a chat is encrypted or not. The latter can happen if the opposite still uses an outdated version of WhatsApp. WhatsApp is in the transition phase to an indication of the beginning of encrypted chats, also displays a lock icon in the settings for each chat, whether it is encrypted.
Also WhatsApp users can verify if they really communicate with the desired opposite. These both have a so-called unique fingerprint, which is now called in WhatsApp security code. It consists of 60 digits, you have to read to each other on the phone. Alternatively, it can be represented as a QR code, scan the user with each other when they meet face to face time. Who is using the WhatsApp Alternative threema, knows the principle.
If you want to be really careful, the key balance refined yet: In the settings can be defined, that is informed of any changed security code. It looks the same as in this screenshot, and occurs when a contact is using a new smartphone or WhatsApp reinstalled – or when somebody tries impersonate this contact.
More
The e2e basis in WhatsApp is the so-called signaling protocol, called the earlier Axolotl protocol. It is regarded as exemplary, the developers of Open Whisper Systems to the cryptography expert Moxie Marlinspike have previously used in the messaging apps TextSecure and signal. The Protocol is open source, so it can be reviewed by external specialists and includes several strong cryptographic techniques including Forward Secrecy.
The latter means that WhatsApp ephemeral key uses of each message to harden. A monitor that WhatsApp messages somehow during transmission mitschneidet and stores and then come into the possession of the key of a user, so still can not decrypt old chats subsequently still future chats.
No comments:
Post a Comment