[Cryptography] Silly idea for WhatsApp MitM protection for the masses

Allen allenpmd at gmail.com
Fri Apr 8 13:29:07 EDT 2016


On Fri, Apr 8, 2016 at 9:18 AM, Bill Cox <waywardgeek at gmail.com> wrote:

> WhatsApp's first rookie crypto mistake that I see is not using ZRTP-style
> hash commitments.  This means:
>
> - Users have to verify a 60 digit code rather than a 4 digit code to prove
> there is no MitM
> - Users can be fooled by a MitM that forces the first and last several
> digits of the 60-digit codes to be the same
>

If I recall ZRTP correctly, it relied on the users being able to
authenticate each other's voices as they read and compared codes.  Comparing
codes that are typed and sent as ASCII through the same channel that you
are trying to authenticate seems vulnerable no matter what, since the MitM
could substitute ASCII chars in flight and make it appear to both users
that the codes are the same.  Or am I missing something here?
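
The hash-commitment point in the quoted message, as an added example that is not part of the original thread and not WhatsApp's or ZRTP's code: a party that may choose its public value after seeing the peer's can search for a value that matches a 4-digit code, while a party bound by an earlier commitment fails the reveal check if it tries. Assumptions: random 32-byte strings stand in for public keys, SHA-256 is used for both the commitment and the code, and all function names are hypothetical; the channel over which the codes are compared is not modelled.

```python
import hashlib
import hmac
import secrets

DIGITS = 4  # short code length mentioned in the thread

def commit(pub: bytes) -> bytes:
    """Hash commitment, sent before the peer's public value is seen."""
    return hashlib.sha256(b"commit|" + pub).digest()

def short_code(pub_a: bytes, pub_b: bytes, digits: int = DIGITS) -> str:
    """Decimal short authentication string derived from both public values."""
    h = hashlib.sha256(b"sas|" + pub_a + b"|" + pub_b).digest()
    return str(int.from_bytes(h[:8], "big") % 10**digits).zfill(digits)

def accept_reveal(commitment: bytes, revealed_pub: bytes) -> bool:
    """Receiver's check: the revealed value must match the earlier commitment."""
    return hmac.compare_digest(commitment, commit(revealed_pub))

def grind_without_commitment(peer_pub: bytes, target: str, limit: int = 10**6):
    """No commitment: the sender may pick its value after seeing peer_pub.
    Returns (value, tries) for the first value whose code equals target."""
    for tries in range(1, limit + 1):
        candidate = tries.to_bytes(32, "big")
        if short_code(candidate, peer_pub) == target:
            return candidate, tries
    raise RuntimeError("no match within limit")

def run_demo() -> dict:
    # Constructed stand-ins for the two parties' public keys.
    pub_a = secrets.token_bytes(32)
    pub_b = secrets.token_bytes(32)
    target = short_code(pub_a, pub_b)
    # Without a commitment, roughly 10**DIGITS tries reproduce the code.
    late_value, tries = grind_without_commitment(pub_b, target)
    # With a commitment, pub_a was fixed before pub_b was known, so a value
    # chosen afterwards does not open the commitment and is rejected.
    c = commit(pub_a)
    return {
        "target": target,
        "late_code": short_code(late_value, pub_b),
        "tries": tries,
        "honest_reveal_ok": accept_reveal(c, pub_a),
        "late_reveal_ok": accept_reveal(c, late_value),
    }

if __name__ == "__main__":
    print(run_demo())
```

With the commitment in place, a sender gets a single guess per session at a 4-digit code, which is why the short code suffices in that design.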