Torproject disease infects WhatsApp - User experience trumps(sic) security

James A. Donald jamesd at echeque.com
Sun Jan 15 18:58:20 PST 2017


On 1/16/2017 11:04 AM, James A. Donald wrote:
> Similarly, it is possible to ensure that the mapping between public keys
> and IDs looks the same for everyone in the world, preventing MIM attacks
> without burdening the user to manage his public keys himself.

At present three hundred million people communicate by Viber.

When you install Viber, it generates a secret key and a public key and 
sends the public key to Viber headquarters.

When Ann wants to message Bob, Viber headquarters sends Ann's client 
Bob's public key, and Bob's client Ann's public key.

And then they can message each other; no one on the network, not even 
Viber headquarters, can know what they are saying to each other.

Unfortunately Viber could send Ann a public key belonging to the CIA as 
Bob's key and Bob another key belonging to the CIA as Ann's key, and 
then the CIA can be in the middle as Ann and Bob send messages to each 
other.  Ann thinks she is sending a message to Bob, but actually she is 
sending it to the CIA, which then resends it to Bob.

To prevent this, to deny itself this capability, Viber could maintain a 
rolling global hash representing the current mapping between ids and 
public keys, and all past mappings between ids and public keys, and when 
it sends Ann the key for Bob, sends Ann the hash path connecting Bob's 
mapping to the current rolling hash for the entire world and all of history.

We have several mutually hostile people and organizations monitoring 
this rolling hash, for example the KGB, the CIA, Wikileaks, and Trump's 
security guy (who I think is one of his sons or grandsons). Your 
software picks an organization at random.  The user could intervene and 
pick one, or pick several, but ordinarily will not.

Suppose Viber headquarters arranges for the CIA to spy on Ann and Bob. 
If Ann and Bob's Viber clients have both picked the CIA for their source 
for the rolling hash, then they are out of luck, but if one of them has 
picked the KGB and the other has picked the CIA, then the one that picks 
the KGB will get the correct version of the rolling hash, in which case 
the attempted man in the middle attack will fail, and that Viber 
headquarters is collaborating with the CIA will be exposed to the KGB, 
to Ann, and to Bob.

Thus Viber could prove it is not spying on its users.
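
An added example, not part of the original post and not Viber's code: a sketch of the hash-path check described above, simplified to a single Merkle-tree snapshot of the id-to-key directory rather than a rolling hash over all history. The Merkle construction, every function name and the sample keys are assumptions made for illustration.

```python
import hashlib, hmac

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(user_id, pubkey):  # 0x00/0x01 prefixes keep leaves and inner nodes distinct
    uid = user_id.encode()
    return h(b"\x00", len(uid).to_bytes(2, "big"), uid, pubkey)

def node(left, right):
    return h(b"\x01", left, right)

def build(directory):
    """All tree levels, leaves first, for an id -> public key mapping."""
    levels = [[leaf(u, k) for u, k in sorted(directory.items())]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def prove(directory, user_id):
    """Server side: (public key, hash path, root) for one id."""
    levels, index, path = build(directory), sorted(directory).index(user_id), []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):  # an odd node out is carried up without a sibling
            path.append((level[sib], sib < index))
        index //= 2
    return directory[user_id], path, levels[-1][0]

def verify(user_id, pubkey, path, monitor_root):
    """Client side: does the hash path lead to the root the monitor published?"""
    acc = leaf(user_id, pubkey)
    for sibling, sibling_is_left in path:
        acc = node(sibling, acc) if sibling_is_left else node(acc, sibling)
    return hmac.compare_digest(acc, monitor_root)

# Constructed sample data: the public directory, and a fork with Bob's key swapped.
HONEST = {"ann": b"ann-pub", "bob": b"bob-pub", "carol": b"carol-pub"}
FORKED = dict(HONEST, bob=b"interceptor-pub")

def scenario():
    good_key, good_path, public_root = prove(HONEST, "bob")
    key, path, forked_root = prove(FORKED, "bob")  # what the server hands Ann
    return {"honest": verify("bob", good_key, good_path, public_root),
            "independent_monitor": verify("bob", key, path, public_root),
            "colluding_monitor": verify("bob", key, path, forked_root)}
```

The substituted key only verifies when the client's chosen monitor serves the forked root, which is the "out of luck" case in the message; against any monitor holding the public root the check fails.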

