WhatsApp Blunder

I spend much of my effort on this blog discussing how privacy is something more than just security. That it involves respecting cultural norms, ensuring appropriate uses of data, encouraging transparency and other things that aren’t strictly technical, but all of that is meaningless if you are sloppy with your security. WhatsApp is about to find that out.

There is speculation circulating that WhatsApp used the same AES symmetric key, for all clients, to encrypt all of its chats. The news originated from a Tweet by Nadim Kobeissi of Diaspora revealing the key and calling out WhatsApp. If what Nadim alleges is the case, that is going to be a big bummer for the WhatsApp team as well as Facebook who are in the processes of acquiring them.

The story will unfold, or won’t, over the coming days and it could get interesting. It is worth remembering that cryptography is one of those things that is so powerful yet so easy to get wrong. This could be a case in point.

Note: If you are new to cryptography check out my two part primer.
Part 1
Part 2


Now read this

Getting Dirty in Modern Web Development

The IAPP just launched a complete rebuild of its virtual face to the world – privacyassociation.org. As part of my current position at the IAPP the website, and this project, is the responsibility of my business unit. It’s been a number... Continue →