[Cryptography] At what point should people not use TLS?
Bill Cox
waywardgeek at gmail.com
Fri Apr 8 12:18:53 EDT 2016
On Fri, Apr 8, 2016 at 5:11 AM, Simon A <simon.a at le-huit.fr> wrote:
> le 07/04/2016 18:16, Bill Cox a écrit :
> > Noise Pipes looks very cool, but I cannot find any source code used by
> > WhatsApp that implements Noise Pipes. Can any of you folks find it? I
> > am interested in trying to understand the security of their
> > implementation, but can't find the source code.
>
> At the end of the whitepaper:
> https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf
> there is a link:
> https://github.com/whispersystems/libsignal-protocol-java/
>
> > The Signal Protocol library used by WhatsApp is Open Source, available
> > here: https://github.com/whispersystems/libsignal-protocol-java/
>
> Simon.
I read through this code briefly, and it clearly does not implement the
Noise Protocol as currently specified. For example, it sends signatures
rather than authenticating by using static DH key shares. I saw no mention
of the Noise Pipe tokens, and the words noise and pipe do not appear in the
code.
Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160408/80f01a25/attachment.html>
More information about the cryptography
mailing list