Tech Wizard

Breaking

Monday, 16 January 2017

how end to end encryption works

End-to-end encryption (E2EE) is  term you have generally heared in communication programs like what's up and you would think what is it for well it is  a system of communication where only the communicating users can read the messages. In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, and even the provider of the communication service – from being able to access the cryptographic keys needed to decrypt the conversation. The systems are designed to defeat any attempts at surveillance and/or tampering because no third parties can decipher the data being communicated or stored. For example, companies that use end-to-end encryption are unable to hand over texts of their customers' messages to the authorities.


 So how exctly this end-to-end encryption(E2EE) work ?


WhatsApp is using “The Signal Protocol”, designed by Open Whisper Systems, for its encryption.
In its White Paper, explaining the technical details of the end-to-end encryption, WhatsApp says that “once the session is established, clients do not need to rebuild a new session with each other until the existing session state is lost through an external event such as an app reinstall or device change.”

It reads, “clients exchange messages that are protected with a Message Key using AES256 in CBC mode for encryption and HMAC-SHA256 for authentication. The Message Key changes for each message transmitted, and is ephemeral, such that the Message Key used to encrypt a message cannot be reconstructed from the session.” It also says that calls, large file attachments are end-to-end encrypted as well.

Note that the ever-changing message key can mean a delay in some messages getting delivered, according to the paper.

It should be noted that feature is enabled by default in WhatsApp, which means that if you and your friends are on the latest version of the app, all chats will be end-to-end encrypted. Unlike say Telegram where users have to start a secret chat to enable the feature, WhatsApp has the feature on at all times. Users don’t have the option of switching off end-to-end encryption.
Users need to be on the same versions of WhatsApp to ensure that their chats get end-to-end encrypted. If you’ve recently updated the app, and you start a chat with someone else (also on the new version) you are likely to see a message saying, “Messages you send to this chat and calls are now secured with end-to-end encryption. Tap for more info.

Once you tap on the message, WhatsApp has a pop-up menu explaining what end-to-end encryption means. Users can verify if the encryption is working as well. If a user taps on verify, they will be taken to a page with a QR code, followed by a string of 60 numbers.

If your friend is nearby, take their phone scan the code from your phone (the option is there at the bottom of the same page) and if the QR code matches, then the chat is encrypted. When the codes match, a green tick appears; when it doesn’t there’s an exclamation mark in red alerting a user that the chat is not secure.





1 comment:

  1. I’m amazed, I have to admit. Seldom do I encounter a blog that’s both educative and engaging, and without a doubt, you've hit the nail on the head. The issue is something which not enough folks are speaking intelligently about. internet Now i'm very happy I stumbled across this in my search for something relating to this.

    ReplyDelete