[Cryptography] At what point should people not use TLS?

Brian Gladman brg at gladman.plus.com
Fri Apr 8 03:34:21 EDT 2016


On 08/04/2016 07:35, Peter Gutmann wrote:
> Brian Gladman <brg at gladman.plus.com> writes:
> 
>> On 07/04/2016 17:16, Bill Cox wrote:
>>> Noise Pipes looks very cool, but I cannot find any source code used by
>>> WhatsApp that implements Noise Pipes.  Can any of you folks find it?  I
>>> am interested in trying to understand the security of their
>>> implementation, but can't find the source code.
>>
>> I also looked for it as I wanted to find out how well it was implemented. But
>> like yourself, I could not find anything.
> 
> All I found was a very informal discussion of it:
> 
> https://github.com/noiseprotocol/noise_spec/blob/master/noise.md
> 
> Trevor Perrin is someone who knows what he's doing, but still, that's an
> incredibly informal description to have to evaluate the design by.  It's also
> just another STS-style design, they're not hard to invent but pretty hard to
> get all the details right, which the informal nature of the spec doesn't help
> with.

Thanks for the reference, which is a more detailed exposition of the
implementation than the one I found on the Whatsapp site.  But, as you
say, this is a textual description of the structure of the code, not the
code itself.

What struck me about the protocol was that it looked quite neat on a
cursory inspection but it was rather more complex than I expected it to
be in how it did key management.  I hence felt that its actual security
would depend critically on how well it was implemented and on how
effective the implementation would be at defending against endpoint
attacks on key management in particular.  And since I am guessing that
largely common code is used in quite a few different target
environments, I was interested in how the code was being protected by
the code security features of the different target architectures.

With millions of users, it seems to me that independent code review of
open source code would be a powerful confidence builder and one that I
would have thought that Whatsapp would appreciate and encourage.

But beyond this, the problem for phone security is exactly that we have
seen for computers in that functionality and security are
features that are very hard (I would say impossible) to achieve at the
same time and the 'market' always drives functionality at the expense of
security.

Blackberry, for example, was moving towards QNX for its phones, which in
security terms was a very positive development, but the evolution of
'app stores' undermined their market position even though they had a
better chance than other phone suppliers of providing a platform with
effective security.

So, while I see what Whatsapp is doing as a worthwhile step forward,
end to end security will inevitably place the focus on endpoint security
and until we have a way of gaining confidence in the code being run and
the environments in which it is running, 'security for the masses' will
remain an elusive dream.

   Brian