Torproject disease infects WhatsApp - User experience trumps(sic) security
James A. Donald
jamesd at echeque.com
Sun Jan 15 18:58:20 PST 2017
On 1/16/2017 11:04 AM, James A. Donald wrote:
> Similarly, it is possible to ensure that the mapping between public keys
> and IDs looks the same for everyone in the world, preventing MIM attacks
> without burdening the user to manage his public keys himself.
At present three hundred million people communicate by Viber.

When you install Viber, it generates a secret key and a public key and
sends the public key to Viber headquarters.

When Ann wants to message Bob, Viber headquarters sends Ann's client
Bob's public key, and Bob's client Ann's public key.

And then they can message each other, no one on the network, not even
Viber headquarters, can know what they are saying to each other.

Unfortunately Viber could send Ann a public key belonging to the CIA as
Bob's key and Bob another key belonging to the CIA as Ann's key, and
then the CIA can be in the middle as Ann and Bob send messages to each
other. Ann thinks she is sending a message to Bob, but actually she is
sending it to the CIA, which then resends it to Bob.

To prevent this, to deny itself this capability, Viber could maintain a
rolling global hash representing the current mapping between ids and
public keys, and all past mappings between ids and public keys, and when
it sends Ann the key for Bob, sends Ann the hash path connecting Bob's
mapping to the current rolling hash for the entire world and all of history.

We have several mutually hostile people and organizations monitoring
this rolling hash, for example the KGB, the CIA, Wikileaks, and Trump's
security guy (who I think is one of his sons or grandsons). Your
software picks an organization at random. The user could intervene and
pick one, or pick several, but ordinarily will not.

Suppose Viber headquarters arranges for the CIA to spy on Ann and Bob.
If Ann and Bob's Viber clients have both picked the CIA for their source
for the rolling hash, then they are out of luck, but if one of them has
picked the KGB and the other has picked the CIA, then the one that picks
the KGB will get the correct version of the rolling hash, in which case
the attempted man in the middle attack will fail, and that Viber
headquarters is collaborating with the CIA will be exposed to the KGB,
to Ann, and to Bob.

Thus Viber could prove it is not spying on its users.
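
The client-side check described in the message above, as an added example that is not part of the original post and not Viber's code. It assumes the "rolling global hash" is a Merkle tree root over the id-to-key mappings; the names `monitor_a` and `monitor_b` and all keys are constructed.

```python
import hashlib

def h(tag: bytes, data: bytes) -> bytes:
    # Domain-separate leaves (0x00) from interior nodes (0x01).
    return hashlib.sha256(tag + data).digest()

def leaf(user_id: str, pubkey: bytes) -> bytes:
    uid = user_id.encode()
    return h(b"\x00", len(uid).to_bytes(2, "big") + uid + pubkey)

def build_levels(leaves):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [h(b"\x01", cur[i] + cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def hash_path(levels, index):
    """Sibling hashes linking leaf `index` to the root (the 'hash path')."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            path.append((level[sib], sib < index))  # (hash, sibling is on the left)
        index //= 2
    return path

def verify(user_id, pubkey, path, root):
    """Client check: does this id -> key mapping chain up to `root`?"""
    node = leaf(user_id, pubkey)
    for sibling, is_left in path:
        node = h(b"\x01", sibling + node if is_left else node + sibling)
    return node == root

def directory(entries):
    levels = build_levels([leaf(u, k) for u, k in entries])
    return levels, levels[-1][0]

# Constructed sample data: honest mapping, and a fork with Bob's key swapped.
PUBLIC = [("ann", b"ann-key"), ("bob", b"bob-key"), ("carol", b"carol-key")]
FORKED = [("ann", b"ann-key"), ("bob", b"substituted-key"), ("carol", b"carol-key")]
pub_levels, PUB_ROOT = directory(PUBLIC)
fork_levels, FORK_ROOT = directory(FORKED)
# Hypothetical monitors: monitor_a colludes and echoes the forked root.
MONITORS = {"monitor_a": FORK_ROOT, "monitor_b": PUB_ROOT}
```

A client that happens to pick `monitor_a` accepts the substituted key, while one that picks `monitor_b` rejects it, and the two differing roots are themselves the evidence of the fork.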