Thread replies: 49
Thread images: 12
Thread images: 12
Anonymous
Moxie Marlinspike aka Matthew Rosenfeld shills for Whatsapp, says there is no backdoor. 2017-01-14 03:41:09 Post No. 58476698
[Report] Image search: [Google]
Moxie Marlinspike aka Matthew Rosenfeld shills for Whatsapp, says there is no backdoor. 2017-01-14 03:41:09 Post No. 58476698
[Report] Image search: [Google]
File: Moxie_Marlinspike.jpg (37KB, 224x224px) Image search:
[Google]
37KB, 224x224px
Moxie Marlinspike aka Matthew Rosenfeld shills for Whatsapp, says there is no backdoor.
Anonymous
2017-01-14 03:41:09
Post No. 58476698
[Report]
There is no WhatsApp 'backdoor'
>WhatsApp's encryption uses Signal Protocol, as detailed in their technical whitepaper. In systems that deploy Signal Protocol, each client is cryptographically identified by a key pair composed of a public key and a private key. The public key is advertised publicly, through the server, while the private key remains private on the user's device.
>This identity key pair is bound into the encrypted channel that's established between two parties when they exchange messages, and is exposed through the "safety number" (aka "security code" in WhatsApp) that participants can check to verify the privacy of their communication.
>Most end-to-end encrypted communication systems have something that resembles this type of verification, because otherwise an attacker who compromised the server could lie about a user's public key, and instead advertise a key which the attacker knows the corresponding private key for. This is called a "man in the middle" attack, or MITM, and is endemic to public key cryptography, not just WhatsApp.
>One fact of life in real world cryptography is that these keys will change under normal circumstances. Every time someone gets a new device, or even just reinstalls the app, their identity key pair will change. This is something any public key cryptography system has to deal with. WhatsApp gives users the option to be notified when those changes occur.
>While it is likely that not every WhatsApp user verifies safety numbers or safety number changes, the WhatsApp clients have been carefully designed so that the WhatsApp server has no knowledge of whether users have enabled the change notifications, or whether users have verified safety numbers. WhatsApp could try to "man in the middle" a conversation, just like with any encrypted communication system, but they would risk getting caught by users who verify keys.
https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
>>
File: moxie_marlinspike_for_web.jpg?itok=1YvGqRWX&fc=50,50.jpg (100KB, 1000x750px) Image search:
[Google]
100KB, 1000x750px
>Under normal circumstances, when communicating with a contact who has recently changed devices or reinstalled WhatsApp, it might be possible to send a message before the sending client discovers that the receiving client has new keys. The recipient's device immediately responds, and asks the sender to reencrypt the message with the recipient's new identity key pair. The sender displays the "safety number has changed" notification, reencrypts the message, and delivers it.
>The WhatsApp clients have been carefully designed so that they will not re-encrypt messages that have already been delivered. Once the sending client displays a "double check mark," it can no longer be asked to re-send that message. This prevents anyone who compromises the server from being able to selectively target previously delivered messages for re-encryption.
>The fact that WhatsApp handles key changes is not a "backdoor," it is how cryptography works. Any attempt to intercept messages in transmit by the server is detectable by the sender, just like with Signal, PGP, or any other end-to-end encrypted communication system.
>The only question it might be reasonable to ask is whether these safety number change notifications should be "blocking" or "non-blocking." In other words, when a contact's key changes, should WhatsApp require the user to manually verify the new key before continuing, or should WhatsApp display an advisory notification and continue without blocking the user.
>>
If you trust a man with that nose you deserve to be lied to.
>>
File: marlinspike_portrait.jpg (828KB, 1800x2250px) Image search:
[Google]
828KB, 1800x2250px
>Given the size and scope of WhatsApp's user base, we feel that their choice to display a non-blocking notification is appropriate. It provides transparent and cryptographically guaranteed confidence in the privacy of a user's communication, along with a simple user experience. The choice to make these notifications "blocking" would in some ways make things worse. That would leak information to the server about who has enabled safety number change notifications and who hasn't, effectively telling the server who it could MITM transparently and who it couldn't; something that WhatsApp considered very carefully.
>Even if others disagree about the details of the UX, under no circumstances is it reasonable to call this a "backdoor," as key changes are immediately detected by the sender and can be verified.
The reporting
>The way this story has been reported has been disappointing. There are many quotes in the article, but it seems that the Guardian put very little effort into verifying the original technical claims they've made. Even though we are the creators of the encryption protocol supposedly "backdoored" by WhatsApp, we were not asked for comment.
>Instead, most of the quotes in the story are from policy and advocacy organizations who seem to have been asked "WhatsApp put a backdoor in their encryption, do you think that's bad?"
>We believe that it is important to honestly and accurately evaluate the choices that organizations like WhatsApp or Facebook make. There are many things to criticize Facebook for; running a product that deployed end-to-end encryption by default for over a billion people is not one of them.
>>
>>58476714
Fpbp
>>
File: moxie_marlinspike.jpg (339KB, 750x500px) Image search:
[Google]
339KB, 750x500px
>>58476747
Use Signal, goyim!
>>
File: 108ea866cc87dda6524dcc4e39486f72.jpg (4MB, 2500x3333px) Image search:
[Google]
4MB, 2500x3333px
>>58476714
Nothing wrong here
>>
File: BN-JH794_MOXIEj_GR_20150709134041.jpg (35KB, 1242x810px) Image search:
[Google]
35KB, 1242x810px
>>58476732
Trust me
>>
>>58476698
>>58476787
I mean I never disrespect anyone to their face, but the minute I start seeing people with excessive tats, dreads, pink or other unnatural hair, I instantly acknowledge in my mind that they likely don't have anything of value to say
that being said, lol, only a fool would trust the white guy with dreads
>>
stop this virulent antimerchantism
>>
>>58476828
>white guy
Look closer
>>
>>58476848
yes white
>>
>>58476856
>(((white)))
>>
>>58476698
I remember Moxie.
Back around 2009 he wrote sslstrip which let me MITM my friends and neighbor's https connections. The good old script kiddy days.
He's been around in the security community for a while and knows his shit, just saying.
>>
>>58476828
>white guy
hahaha
your parents didn't teach you?
>>
>none of this addresses the client proprietary nature
How much did he jew out of Goybook?
>>
Why wouldn't I believe an unaudited closed source encrypted chat application is safe? stop being so paranoid, anon :^)
>>
holy fuck this guy really looks like a jew
>>
>>58476828
White guy my ass.
That's the jewiest jew I've ever laid eyes on...goddamn that nose is huge.
(((white)))
>>
>>58477075
Many shekels, goy
>>
>trust us, goy. Whatsapp is safe. Just because we can't see the source code doesn't mean it's unsafe!
>>
Is /pol/ ever wrong?
>>
>>58477454
Very very rarely
>>
>>58476881
He's also a CMU grad, he definitely knows his shit.
He also is very open on his own project's forums and other places, there's no WhatsApp backdoor.
>>58477445
You can reverse any binary and see exactly what it does, including WhatsApp.
>>
>>58477919
Then why do we prefer open source software?
>>
>>58476828
people on this site are so eager to discriminate lol. and its obvious its due because most of you guys are already bottom of the barrel in the hierarchy.
>>
>>58478561
Who bullied you as a kid?
>>
>>58478561
stop discriminating and bullying us! It's rude! Can't even be racist on the internet anymore without being bullied. Sad.
>>
>>58476698
>(((Rosenfeld)))
>>
File: wew-fs8.png (66KB, 409x526px) Image search:
[Google]
66KB, 409x526px
>There is no WhatsApp 'backdoor'
Ha ha, okay!
>>
>>58476698
Man it's been a while since I've seen that name
>>
>>58476698
Matty shilling for good boy points because nobody wants to acquire his useless business, that's so sweet.
>>
File: moxie_marlinspike.jpg (10KB, 150x150px) Image search:
[Google]
10KB, 150x150px
MOXIE MARLINKIKE STRIKES AGAIN.
>>
>>58476698
>"safety number" (aka "security code" in WhatsApp)
This bullshit needs to go. Why are we sugarcoating concepts for the masses? Call it a fingerprint, as it's always been called. It makes perfect fucking sense every time. "Security code" sounds like something I input to get past a door and "safety number" sounds like something I use in case I get locked out of my safe.
>>
File: costanza_drake.png (230KB, 640x360px) Image search:
[Google]
230KB, 640x360px
>>58476881
I wrote this post and have since read about the Signal protocol, and WhatsApp, and how Facebook is involved.
The fact that Facebook is involved is a big red flag. Apparently other instant messengers have implemented the Signal protocol such as Google. All these "instant messenger" apps with a cumulative 1 billion+ users are probably backdoored somehow. No proof, just an intuition (gut) feeling.
>>
File: hqdefault[1].jpg (26KB, 480x360px) Image search:
[Google]
![hqdefault[1].jpg](https://i.imgur.com/wHAPjcz.jpg "hqdefault[1]")
26KB, 480x360px
>>58476727
>>58476712
>>58476698
>>
>>58478561
You are doing exactly the same faggot.
Fuck off to your safe space subreddit.
>>
>>58479819
The Signal Protocol is fine desu. I fucked around with the python port of it and I'm digging the Double Ratchet algorithm. Problem is, I don't give a fuck how good your protocol is, if it's delivered via a proprietary client, it can go fuck itself.
>>
>>58476714
the nose, KNOWS!!!
>>
>>58476828
I would add anime or pony avatars to that.
>>
>>58480073
You don't think the double ratchet might be compromised somehow? After all, Dual_EC_DRBG was backdoored and no one knew explicitly how.
>>
>>58479819
These big Jewish-run companies hired a small Jewish-run company to make them appear as if they care about encryption to fool the goyim into using their products.
It's as simple as that. For all you know, Signal binaries could also be backdoored because 99% of people don't compile from the source code.
>>
>>58480129
Way more than that
>>
>>58476698
pic related looks like a young Nic Cage
>>
>>58478532
>implying they personally audit the source
You are poor niggers or jews, that's why.
>>
>>58476698
yeah, and the weed he sells doesn't contain any traces of household cleaning products
>>58476760
>>58476771
>>58476787
>respectable young CEO of a company worth $19B
>>
>>58481362
experience huh?
>>
File: JewTrust.jpg (61KB, 359x398px) Image search:
[Google]
61KB, 359x398px
>>58476698
>>
>>58480363
It's been independently reviewed and audited. DUAL_EC was immediately obvious as both a poor choice due to its slow performance and also a likely backdoored algorithm almost as soon as it was released. I think there are papers from as early as 2005 speculating that it contained a backdoor.
Thread posts: 49
Thread images: 12
Thread images: 12