[Cryptography] Is "perfect forward secrecy" the biggest fraud of last decade?

Ismail Kizir ikizir at gmail.com
Sun Sep 2 17:45:11 EDT 2018

On Mon, Sep 3, 2018 at 12:02 AM Ersin Taskin <hersintaskin at gmail.com> wrote:

> Dear Ismail,
> I wonder why PSK option is not present in Whatsapp, etc.? If it were, I could/would definitely use it with a lot of  people in my >contacts comprising a great deal of my communication. Do you suggest this is because of a massive conspiracy or just the >same old convenieance vs security trade-off cobined with users are dumb-cypherpunks are few? You seem to be studying >this subject matter more seriously than me. This question is actually directed to the entire list.

Thank you for your good question Ersin.
Our job, is not chasing after conspiracy theories.
And we must prove everything we tell.
So, it's better to speak with language of mathematics. So, I prefer
the word "probability" :)

1. As everybody knows: Symmetric encryption is "enormously"(sometimes
even 2^128 times or more!) harder to break than asymmetric encryption.

2. It's "possible" that WhatsApp, Signal, Facebook and others are
"actually" reading all our messages by MITM attack.
Signal protocol's threat model is based on "external attackers".
Nothing prevents them from making MITM attacks themselves.
I must also underline that without external certificates(trusted third
part involvement), OR PSK usage, "insider MITM attacks" are always
possible for every messaging application!
And there is a method for the end user to understand(not to prevent!!)
there had been an MITM attack, by checking something like public key
signatures etc. But it's not automatically enabled either!

3. I can't tell exactly if they do such attacks or not.
But one thing is sure: "It is possible for Facebook, WhatsApp, Signal
etc. to read our messages whenever they wish"!
There others who share my opinion, including MIT academicians and students.
Here is a Whatsapp security analysis report from MIT for example:

4. PSK is also the  "unique definitive solution" for "insider MITM attacks" :)
Because, in the case third parties are involved for certificate and/or
identity verification, attack surface will grow up. And we'll have to
suspect of other attack types.

I am not claiming anything.
I am just enumerating which attacks could be avoided if PSK option was
available :)

Ismail Kizir

More information about the cryptography mailing list