[Cryptography] Silly idea for WhatsApp MitM protection for the masses

Tom Mitchell mitch at niftyegg.com
Fri Apr 8 22:49:19 EDT 2016


On Fri, Apr 8, 2016 at 1:02 PM, Bill Cox <waywardgeek at gmail.com> wrote:

> On Fri, Apr 8, 2016 at 10:29 AM, Trevor Perrin <trevp at trevp.net> wrote:
>
>> On Fri, Apr 8, 2016 at 6:18 AM, Bill Cox <waywardgeek at gmail.com> wrote:
>> >
>> > - Users have to verify a 60 digit code rather than a 4 digit code to prove
>> > there is no MitM
>>
>> No, there is a "Scan QR code" option.
>
> .....
> The QR code feature is cool.  I doubt many users will use it.  I tried it
> out yesterday with my dad, and it is simple enough to use, if you are in
> the same location.
>

The QR code is apparently there to enable a desktop/laptop browser access to
the data connection that the phone has established and restricts to the local
net...  The QR code is? generated on the mother ship.  A connection point is
handed off to the desk or laptop with a different camera, keyboard, microphone.
Apparently the phone connection must stay active even when the bulk of the data
traffic is transported via WiFi.  The WiFi connection seems to be able to
connect through NAT with ease.  How is this facilitated?
So
*) phone to phone
*) phone to phone+WiFi
*) phone+WiFi to phone+WiFi
*) phone+browser+WiFi to phone
*) phone+browser+WiFi to phone+browser+WiFi
 ....
Data includes images, video, voice, text.
 IPv4 and IPv6
What is the local net in a hotel, coffee shop, school, work?
The archive of data to "Drive" is also interesting.

The man in the middle needs access to a number of streams all at the same time.

Interesting product with a lot of moving parts.


-- 
  T o m    M i t c h e l l