Question about key exchange. #1
Comments
|
Hey Mina,
Sorry I've been busy with work and didn't see this message. What you're
talking about is preventing the server from doing a MITM (man in the
middle) attack and signal won't directly provide that. But there are ways
in which you can creatively do that. Simplest example being comparing
the keys that two parties have to make sure that the key sent was the one
that is being used and the server didn't swap it out. I think WhatsApp has
implemented this in some form.
Also, this was something I was working on during my school days, if you
look at one of my other repos, you can see a rough implementation of what
I'm talking about in Java. I think that project is called EmailSecurity
Akash
…On Thu, Jun 18, 2020 at 9:24 AM Mina William Michael < ***@***.***> wrote:
Hi.
I have a question about key exchange. I can see in the code that the keys
are transferred as they are to the other party. Isn't that a security
vulnerability? The server can simply use the keys to decrypt the messages
being sent. How is that addressed? What's the solution to that?
What I'm trying to achieve in my application is end to end encryption.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#1>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACGGWUYY43B35MAOBRDKKMDRXI5VDANCNFSM4OB5ZNWQ>
.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi.
I have a question about key exchange. I can see in the code that the keys are transferred as they are to the other party. Isn't that a security vulnerability? The server can simply use the keys to decrypt the messages being sent. How is that addressed? What's the solution to that?
What I'm trying to achieve in my application is end to end encryption.
The text was updated successfully, but these errors were encountered: