You need to somehow transmit the key to them via the internet, which would immediately render your connection vulnerable to man-in-the-middle attacks:
If I'm trying to establish a safe connection to Google, then Google will proooobably not send some employee to my house for me to give them some weird QR code. If you shared your QR Code physically by having your contact scan it by pointing their camera directly at your phone, then you could be completely sure that no one had access to it. The system has since evolved into something more powerful that uses the concepts this article is trying to teach.)īut despite working fine for WhatsApp at the time, this mechanism doesn't work for general web browsing for a multitude of reasons.įirst of all, the whole concept of WhatsApp's mechanism at that time was that the sharing was meant to happen in person. (FYI, WhatsApp's encryption doesn't work like this anymore. This QR Code represented a secret key generated by your device, and once shared with the contact, both devices would store this key. This is how WhatsApp's E2E encrypted chats used to work – when the feature was first released, the encryption was activated by sharing a QR Code with the contact you wanted to talk securely with. This communication will be safe even if the network is being intercepted by a bad actor, as this actor will not be able to make sense of the messages being intercepted unless they somehow manage to steal the key being used to encrypt the messages. If two people who are trying to communicate with each other want to do so in a secure way, they can do so by agreeing on a secret key and using a symmetric cryptography algorithm to encrypt/decrypt their messages.
0 kommentar(er)
