So, I'm interested how the implementation of "Perfect Forward Secrecy" in Signal looks like, like does every messages has a different encryption key? or does it change over time like #whatsapp does? I tried to find any official documention of this, sadly did not find anything.
Thats why I'm asking, does anyone of you know smth about this and maybe can provide a link to a official source?
Don’t know about Signal but the way PFS usually works is there is something like a Diffie-Hellman (DH) key exchange. Each person generates a random (private) number, remembers it, crunches it mathematically into a public number, and sends the public number to the other person. Each then combines their private number with the public number that they got from the other person, and this (because of how DH works) cleverly gives both people the same secret number they use for the encryption, but the secret can’t be reconstructed without knowing at least one of the private numbers. Finally, the PFS part is simply that each person permanently deletes both the shared secret and the private number they generated for that exchange (they will create new ones next time they want to communicate). That means there is no way to reconstruct the secret and re-decrypt the message.
Of course, authentication also has to be added to all this.
For more info, probably easiest to look up Diffie-Hellman key exchange online.
Diffie-Hellman is only a key exchange protocol and does not provide forward secrecy. Imagine that my and your client figure out our shared secred (key) with DH, then encrypt our chat with that. If someone breaks only a bit of our traffic, then they can read newer messages as well.
Forward secrecy means that at any point messages are encrypted with keys that aren’t reused forever, which means if an attacker can intercept traffic and read a bit, or crack the encryption, that they don’t automatically get access to our future conversation as well.
This is the encryption that they developed. Whatsapp and OMEMO (XMPP) use it as well. It has forward secrecy because if an attacker has the key for a message they can’t calculate the key for the key for the next message etc.
essentially, yes. There are two levels of encryption keys and they “ratchet” along (change). Only the lower level is used to encrypt the text so it’s much harder to figure out the other one.
@sexy_peach Thank you very much! Just now wondering, handle WA this differently? Since Ig we all know this message which appears when the "keys" ig, changed
Since Ig we all know this message which appears when the “keys” ig, changed
I don’t know if I fully understand you here.
To my understanding whatsapp does it like this too. The key changing must be the high level key, since the message means that it’s an unknown key (thus not yet trusted). From new install or new device.
@Rose True, but there are still differences, for example Signal encrypts everything, while WA only encrypts chats and calls, so the implementation is a bit different, which maybe could be also in Signal with PFS.
The main advantages of Signal over WA is that Signal minimises the amount of metadata Signal has access to and promises to not store or analyse the little remaining metadata.
The data (as in: the actual message content) should be similarly secure in both.
Add comment