[Cryptography] Silly idea for WhatsApp MitM protection for the masses

Bill Cox waywardgeek at gmail.com
Fri Apr 8 09:18:07 EDT 2016


WhatsApp's first rookie crypto mistake that I see is not using ZRTP-style
hash commitments.  This means:

- Users have to verify a 60-digit code rather than a 4-digit code to prove
there is no MitM
- Users can be fooled by a MitM that forces the first and last several
digits of the 60-digit codes to be the same

They also do not warn users when the other party changes their public key,
making a MitM attack very likely to succeed against the large majority of
users.  So, here's two trivial suggestions, and one silly idea to fix their
MitM problem:

- Use hash commitments and reduce their code to 4 digits
- Warn users to verify the code when the other party's public key changes

And since 99.9% of users will ignore all that anyway, consider the
following additional silly idea:

They could display an animated game of some sort in the title bar which
proceeds pseudo-randomly, based on the shared secret.  The game could be
hands doing rock-paper-scissors or kittens chasing each other, and when one
side scores there could be an animated victory dance.  The idea is to make
it just intrusive enough that casual users mention the progress of the
game, which will only make sense to the other person if there is no MitM,
because the MitM would cause the game seeds to be different.  If the users
discover that the scores don't match, they should kill the connection,
which should be the advice shown to the user when they click on the game.

If the QR code is scanned to prove there is no MitM, the game would go away.

Bill
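
Added example, not part of the original message and not ZRTP's wire format or WhatsApp's code: a commit-then-reveal exchange showing why a hash commitment lets the comparison code shrink to 4 digits. Because the initiator's key is fixed by the commitment before the responder's key is seen, a key substituted afterwards is rejected rather than searched for a matching code. The function names, SHA-256, the domain-separation labels and the random 32-byte strings standing in for public keys are assumptions.

```python
import hashlib
import hmac
import os

KEY_LEN = 32  # fixed-length stand-ins, so plain concatenation is unambiguous


def commit(public_value: bytes) -> bytes:
    """Hash the initiator sends before it has seen the responder's key."""
    return hashlib.sha256(b"commit" + public_value).digest()


def verify_commit(commitment: bytes, revealed: bytes) -> bool:
    """Responder's check that the revealed key is the one committed to."""
    return hmac.compare_digest(commitment, commit(revealed))


def short_code(initiator_pub: bytes, responder_pub: bytes, digits: int = 4) -> str:
    """Short authentication string both users read out and compare."""
    h = hashlib.sha256(b"sas" + initiator_pub + responder_pub).digest()
    return str(int.from_bytes(h[:8], "big") % 10**digits).zfill(digits)


def responder_view(commitment: bytes, responder_pub: bytes, revealed: bytes):
    """Return the code to display, or None if the commitment check fails."""
    if len(revealed) != KEY_LEN or not verify_commit(commitment, revealed):
        return None  # abort the session: key was swapped after the commitment
    return short_code(revealed, responder_pub)


if __name__ == "__main__":
    alice_pub = os.urandom(KEY_LEN)  # constructed sample values
    bob_pub = os.urandom(KEY_LEN)
    c = commit(alice_pub)                      # 1. Alice -> Bob: commitment
    # 2. Bob -> Alice: bob_pub                 (Alice's key is already fixed)
    code_bob = responder_view(c, bob_pub, alice_pub)   # 3. Alice -> Bob: alice_pub
    code_alice = short_code(alice_pub, bob_pub)
    print("Alice shows", code_alice, "Bob shows", code_bob)
    # A key substituted after step 1 fails the check instead of yielding a code.
    print("swapped key:", responder_view(c, bob_pub, os.urandom(KEY_LEN)))
```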