WhatsApp Blunder

I spend much of my effort on this blog discussing how privacy is something more than just security. That it involves respecting cultural norms, ensuring appropriate uses of data, encouraging transparency and other things that aren’t strictly technical, but all of that is meaningless if you are sloppy with your security. WhatsApp is about to find that out.

There is speculation circulating that WhatsApp used the same AES symmetric key, for all clients, to encrypt all of its chats. The news originated from a Tweet by Nadim Kobeissi of Diaspora revealing the key and calling out WhatsApp. If what Nadim alleges is the case, that is going to be a big bummer for the WhatsApp team as well as Facebook who are in the processes of acquiring them.

The story will unfold, or won’t, over the coming days and it could get interesting. It is worth remembering that cryptography is one of those things that is so powerful yet so easy to get wrong. This could be a case in point.

Note: If you are new to cryptography check out my two part primer.
Part 1
Part 2

 
0
Kudos
 
0
Kudos

Now read this

Is Privacy Necessary Without Humans

I finally found some time to catch up on the week’s news last night and, not surprisingly, there were a number of different stories reporting on Google’s new tools for tracking user’s on their smartphones. The effort from Google is not... Continue →