Dr. Mike Pound is my favorite person that you have ever had on. His explanations are always very clear
Not to mention he's quite charismatic.
Dr. Pound, thanks to you and your crew for all you do. You bring a lot of clarity to a subject that can be convoluted.
Please do a video on how group conversations are encrypted :)
Earthcomputer That would be an interesting one 👌🏻
I would guess every person has a "receiving ratchet" for every other person in the group and then just applies the same principle. But it would be an interesting video for sure :D
A group conversation... between Alice, Bob, Carol and Ted!
They said another video about it at the end, and that it's messy. I'm looking forward to it.
I'm also looking forward to this one
Mike should get his own BBC series.
Spoken like a truly naive person. Sure way to make it so that he could no longer be impartial, nor say anything that could be construed as impinging on Big Brother
@@stupidtreehugger The fact that you're able to tell everyone about conspiracies and no one's stopped you should be an indication that your conspiracies are wrong.
I'm just writing a comment knowing that YT rates the videos with comments higher than those without, and Mr. Pence deserves every bit of attention he can get. Much love
At some point, there needs to be an Alice and Bob wedding video. Unless it is done in complete secrecy of course.
Mallory will show up and ruin the wedding.
Oscar will appear at the wedding, for sure.
We can perform a man in the middle attack, and watch the wedding anyway
The wedding location will be obfuscated.
Doctor Mike is my favorite doctor. My father will have to be content with only being the best father in the world. Sorry dad.
Computerphile, we've entrusted you with the Earth's remaining supply of tractor fed paper for impact printers. Please consider using it more sparingly.
matt b use it as you see fit, it's recyclable.
Wowthatsfail but it recycles into other paper types, soon the planet will be all out of tractor fed paper for impact printers!
I bet they use it unsparingly because they must have a room full of this paper dating from an older time when someone thought they'd use a lot over time so better order it all at once to pay smaller price and then it got outdated and they're left with tons of this paper in their hands not knowing what to do with it
I liked your video a lot. It has helped me study for a far too soon exam.
Nevertheless, I find it worth mentioning how the DH key pairs are changed in a ping-pong effect in the Signal Protocol. When A receives a message from B with a new public key e_B, A changes its root key once, with the new K_DH=DH(d_A, e_B) key, then it re-initializes the read chain. After that, A creates a new DH key pair and then re-initializes the send chain. So when A sends a message again, it will come with A's new public DH key and start the same procedure for B.
The world needed that animation. Wish I'd have had stuff like that in my university courses.
I am a simple man. I see Dr Mike Pound in the thumbnail, I click.
You Pound.... _pound_
Thank you 😊🙏
This by far is the best channel. Alongside Numberphile of course 😜
Always a pleasure to watch Dr. Mike Pound :)
Please do a video on why his hands look so strange when the view of the paper is rotated
It's to do with filming angles. The guy filming is sitting next to them as they write stuff, so he has to go back in and stretch/shrink things to get the "top-down" view. That makes the paper look normal, but his hands get distorted.
I'd still like a video about it, though! Probably some really interesting tech behind it.
The video renderer is using matrix multiplication to orient the paper properly by stretching and rotating the video. As a side effect, it also makes his hands stretched.
Really reminds me of the wheels turning in an Enigma machine.
Please send my regards to Dr Mike, my dream is to study under this guy
Please keep up the messaging protocol content. Great stuff as usual!
Excellent information from Mike as always and great visuals to help show the ratchet in action. The visuals really helped me out
If the keys are deleted as soon as the message is decrypted, how do you read messages from a long time ago? Are they encrypted on disk using a different mechanism?
You said that video packets are encrypted the same way. Since they can arrive out of order (hence the sequence numbers), how are they gonna sync the keys appropriately in order for the message to be decrypted?
Bloody genius! Can we get one on group messages in Signal?
I think I'm a Mike Pound phile.
Mike*
Mike*
Yes!!! Dr Pound!!!
9:05 I can just imagine the debug log: user:alice: "well that's, not right".
KDF is gonna rock you
Really good graphics along with well explained content. Thanks for this. I've been reading up on Signal and this video helps a great deal.
"in practice they [the DH ratchets] are sent every message" but why would one need the other ratchets then, if they get reset on each message? just so Alice goes through more than one key even though Bob never sent her a new DH one because his phone was off/he wasn't replying/etc?
Wondering about that too...
Hi! Great question, you're exactly right. The KDF ratchet helps when the messaging is one way, e.g. Alice sends 10 messages when Bob sends none. She doesn't continue to send new DH keys for these messages.
Michael Pound thank you, that was really bugging me!
@@michaelpound9891 am I right in thinking that the keys produced by the ratchet are symmetric keys (since these are faster for encrypting messages with) whereas the already established asymmetric keys are used for the Diffie-Hellman exchanges?
joebloggsgogglebox Yup, well, in applied cryptography, especially in chatting, asymmetric encryption is only used to form a secret channel where we can send a symmetric key, something powerful and easily computable for a low-end device like a phone (compared with a full PC graphics card)
Who else is watching this in 2021? suddenly super relevant!
Alice and Bob in chains
lmao
aaaayyyyy nice one!
The starting at the same position and the synchronized ratcheting part strongly resemble (electro)mechanical cryptographic machines IMO. The Enigma for example would use a single set of ratchets for the send and receive parts, because it was self-reciprocal, i.e. inputting the encoded message would output the cleartext message.
I watch almost all of the videos on this channel and I have no idea what 99% of them are about. Still love it though. Every time I get something out of that 1%.
I honestly can't wait for the video that talks about how this applies to more than 2 people.
Been curious about this for a while but too lazy to look into it myself, thanks!
These encryption videos are wonderful! Can we have a video on initialization vectors plz?
Just curious. If people tend to tick Diffie Hellman Ratchet every message, and everything gets reset every message, why don't they just use the Diffie Hellman Ratchet?
Exactly, from the video it seems like the first ratchet never gets used.
I was thinking the same thing. My only guess is the DH ratchet only gets “ticked” when Alice sends and then Bob immediately replies. If Alice sends 10 messages before Bob replies, then Alice’s sending ratchet gets ticked 10 times (once for each message). When Bob finally reads the messages his receiving ratchet gets ticked 10 times. Then when Bob replies he includes a DH tick response back to Alice and both reset their send and receive ratchets. Just my guess, maybe an expert can confirm.
@@notreallyme425 I think you're correct here (or at least mostly so; I'm not sure your use of "tick" is consistent with the video content, but it's 3am so I may just be confused :)).
The video clarifies things at 7:40 when discussing asynchronous messages.
I'm sorry, they *do* carry out a DH exchange on every message?
So, by the time I went online and sent receipt acknowledgements, our ratchets have been updated?
When are they incremented normally then, only while one of the parties is offline, for that chunk of messages?
And in that case, only one attempt at DH is "in-flight", since the further "offline" messages don't yet have a completed DH result to use?
Or in reality, both parties store a queue of incomplete DH exchanges, so each message sent can complete one exchange and begin another?
Great video, well explained and answered all my questions! Thanks Mike. Now it's time to watch the video
what about Telegram and its MTProto protocol?
Cataclysmal That’s a nice wanna would love to see a video about that ... And since Signal is open sourced (client part) would love if they showed us some code
Telegram is not E2EE by default
"You must never break the chain." -Stevie Nicks
honestly can't believe this is free. AWESOMEEEEEEEEEEEEEEE
Question: if someone finds out a key at some point, if they don't miss out on any messages, why can they still figure out the next messages? i.e. why doesn't the DH ratchet exclude the intruders from future communication if they have the current keys?
If you do DH on every message do you need the other key derivation ratchets anymore?
key -> KDF -> key -> KDF -> key
Please: key₁ -> KDF -> key₂ -> KDF -> key₃
Can you maybe do a video on quantum computers but more in a way to how it’s related to breaking asymmetric encryption? And how Shor’s algorithm would do this?
How about images? How are those incorporated in the e2ee? Because you can download older images.
Maybe I'm misunderstanding this, but if the Diffie-Hellman exchange is done for every message, doesn't that sort of make everything else redundant? The original goal of the ratchet algorithm was to make sure breaking a key didn't give access to all the past keys but that's not possible anyway if we keep resetting the ratchets every time with a DH exchange right?
Could someone please clarify this for me?
Changing the DH every message is not strictly necessary. I looked up the detailed specification and from what I understand, it does not update if Alice (or Bob) sends multiple messages in a row.
@Michael Pound / @ Computerphile How does the KDF ratchet impact the entropy of the derived keys? Will it degrade over time if a new DH ratchet is not performed?
Danke
I mean Mike Pound is great at explaining stuff but he does look a bit like a super villain.
Hi, I keep watching your (awesome) videos again and again, but I still can't manage to answer about SSL attacks that I have to do (as a worksheet). How do I reach you in person, to get some help answering the questions?
Please do a video on threshold cryptography!!
Did they make that "other video" i rly want to know how this works in a group chat.
Hang on. If DH is getting done with each message, how can one end 'catch up' if it recognises that some messages from the other party have been lost? The end that hasn't received messages can't do the DH exchanges for those lost messages can it? And how can the sender create new KDF keys using DH each time if the remote isn't about to do the DH exchange with? DH is an exchange isn't it? I must be missing something.
Chris Nisbet Lost DH messages are a real problem. One way DH is fine as long as at least one DH public key was sent in each direction.
That was an awesome explanation... THANKS!!!! Does anyone know how to create those wheels for demo purposes...??
How can we know if WhatsApp is actually doing all the encryption? I know we had the out of band number from the last episode, but how do we know they aren't just sending random numbers? Basically, can we prove they're doing encryption, or do we just have to take their word for it?
@@00O3O1B since he's been using WhatsApp and FB Messenger as his examples, are they open source? Or do we just have to "trust" them. If they're not open source, what else would you use since almost everyone uses those to communicate. I'd hate to be that one person that says "you can only chat with me if you use this obscure third party open source app".
@@maqp1492 Exactly. I would not trust Facebook. Not because I think they are "evil" but because they are so large that they would be under immense pressure to install backdoors for governments. I would be absolutely shocked if they have not already done so for various governments around the world.
Could you do a video on Telegram? Is it different? If I remember correctly, they got a lot of flak for implementing their own algorithm, but as far as I know, nobody could yet prove their implementation to be insecure.
I see I'm a bit late in this conversation, but I'd like a bit of clarification about the DH ratchet: I use Signal app, and want to know how this correlates; would this be the operation of manually resetting the session, or am I way off? Thanks for your time and consideration. Also gave this channel a thumb and a sub!
No, it just happens every few messages automatically.
I wonder if the ultimate potential for this is to integrate it with a blockchain like an Ethereum DAPP or put it on the IPFS, that way all the "server" computation is both decentralized and open to audit
What about using multiple devices then? E.g. with Whatsapp you can use desktop app but you have to scan the QR from your mobile device, does it mean that's the moment when keys synchronization happens?
Ok now I'm just thinking about how the heck do the messages all sync up when you use desktop WhatsApp?
attacking using SS7 will allow you to control the phone as if you were admin, you can then see all messages
transcriber is not enabled, what a pity!
YouTube community subtitles are switched on to allow the community to help subtitle the films. Sadly this means the automatic subs don't show. Perhaps go into community subs and look there? >Sean
Funny how it’s similar to how the Enigma works on a physical level.
It's like an enigma machine.
Why do u need a send and rec ratchet, when u send a DH with every message? Isn't it already encrypted (enough) with a DH send?
There is another comment where your question got answered.
in your original DH vid, you mentioned in passing that if Eve can modify parts of the DH exchange then all bets were off. does this protocol do anything to ameliorate that problem?
thanks for the vids, Mike.
This is handled by the identity keys during the initial exchange, back in the previous video. By the time we're using the ratchets, we assume no one else is involved.
Why would you not use a different KDF on the output of the ratchet, so that you can never know the state of the ratchet even if you have the message key?
drink every time Dr. Mike Pound says Diffie-Hellman
@Computerphile so if the DH ratchet is being reset so often, that means that the endpoint device is either storing the history of the reset values or, rather more worrisome, unencrypted messages. Is it actually the case or am I missing something?
PS Huge fan of all of the videos
yeah I'm wondering about that too
Can you guys do a video on how the TFA in USB security keys works? And is there an independent way to verify that all these apps and TFA's and ciphers etc are doing what they say they're doing? Or do we just "trust" them.
How does this work for conversations with more than two people?
Hi all, somehow it's not clear to me when the Diffie-Hellman ratchet forwards! Any thoughts?
6:30 - If Bob sends a new Diffie Hellman PK to make Alice's DH ratchet turn, can this PK not be copied by someone who is snooping, to turn their own DH ratchet, thus keeping in sync with Alice?
...is he sending color-coded messages [00:11] red vs green [00:31]...
How do group chats work then? Do they use multiple keys for each pair or one single key for a group? @computerphile
and how are the keys communicated? how is the first key communicated?
What if somebody cracks the private key of the DH ratchet? How is it future proof after that?
Every DH step chooses a new private key.
Is there the video for the group chat encryption?
Expectation: Perfect e2e encrypted messaging
Reality: “Error handling incoming message” for 15 messages in a row 😂
So forward secrecy is still broken if the DH gets revealed?
9:15 so when a message gets sent by bob that says "ok this is message number 9 in the chain" and alice's chain is only 2 ticks long, she goes forward 7 ticks without DH exchanges? what if i send 100 messages while alice is offline and someone captures the first packet?
If someone captures a packet they probably won't be able to break the key. But you're right, if they did then the chain is broken until a DH message. This means that if you send 100 messages without a reply (and new DH) then that's technically not as strong as alternating messages. In general I'd say the risk probably isn't worth worrying about, as it's so low.
How are the older messages decrypted?
Why not derive 2 keys with the KDF, the first one used as input for the next round and the second one as the encryption key? So even if the encryption key is compromised, the attacker cannot calculate the next key? Sure, DH should be done in intervals too.
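Added example (not part of any comment in this thread, and not Signal's own code): a symmetric KDF chain that derives two outputs per step, as the comment above proposes, and caches skipped message keys so that message 9 can be handled when the receiver's chain is only 2 ticks long, as in the 9:15 question. The HMAC input bytes 0x01/0x02 follow the recommendation in the published Double Ratchet specification; the class names, the `demo` function, the constructed shared secret and the `MAX_SKIP` value are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac

MAX_SKIP = 1000  # assumed cap on cached keys; the real limit is an application choice


def kdf_ck(chain_key: bytes) -> tuple[bytes, bytes]:
    """One tick of the chain: return (next_chain_key, message_key).

    Both outputs are HMACs keyed with the current chain key but over different
    inputs, so a leaked message key cannot be used to compute the next chain key.
    """
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class SendingChain:
    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key
        self.n = 0  # number that the next outgoing message will carry

    def next_message_key(self) -> tuple[int, bytes]:
        # Tick once; the old chain key is overwritten and cannot be recovered.
        self.chain_key, mk = kdf_ck(self.chain_key)
        number, self.n = self.n, self.n + 1
        return number, mk


class ReceivingChain:
    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key
        self.n = 0  # number of the next message expected in order
        self.skipped: dict[int, bytes] = {}  # keys of messages not yet seen

    def message_key_for(self, number: int) -> bytes:
        # A late message: its key was cached when the chain ticked past it.
        if number in self.skipped:
            return self.skipped.pop(number)  # single use, deleted on read
        if number < self.n:
            raise KeyError("message key already used and deleted")
        if number - self.n > MAX_SKIP:
            raise ValueError("too many skipped messages")
        # Tick forward without any DH step, caching each skipped key.
        while self.n < number:
            self.chain_key, mk = kdf_ck(self.chain_key)
            self.skipped[self.n] = mk
            self.n += 1
        self.chain_key, mk = kdf_ck(self.chain_key)
        self.n += 1
        return mk


def demo() -> dict:
    # Constructed shared secret standing in for the output of a DH ratchet step.
    shared = hashlib.sha256(b"constructed shared secret for the example").digest()
    bob, alice = SendingChain(shared), ReceivingChain(shared)
    sent = dict(bob.next_message_key() for _ in range(10))  # messages 0..9

    in_order_ok = all(alice.message_key_for(i) == sent[i] for i in (0, 1))
    msg9_matches = alice.message_key_for(9) == sent[9]  # jumps 7 ticks ahead
    cached_after_9 = sorted(alice.skipped)
    msg3_matches = alice.message_key_for(3) == sent[3]  # arrives out of order
    try:
        alice.message_key_for(3)  # replayed message number
        replay_rejected = False
    except KeyError:
        replay_rejected = True
    return {
        "in_order_ok": in_order_ok,
        "msg9_matches": msg9_matches,
        "cached_after_9": cached_after_9,
        "msg3_matches": msg3_matches,
        "replay_rejected": replay_rejected,
    }


if __name__ == "__main__":
    print(demo())
```
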
If you have a decent production team and the subject is sitting, it may be a good idea to use manual focus and just sit the subject in the plane of focus. Your video has some focus hunting in the beginning. Hope that helps...
Can anyone please explain? If the one message is sent with the new public key, then how are the older messages decrypted? So in this, maybe one or two messages are in the chain key, then it will reset the root key and new one. So how are the previous messages decrypted? I'm fully confused!!
Aren’t ratchet functions and trapdoor functions the same beast really? Cheers!
oh god he put Diffie-Hellman on the screen instead of just saying it, I've thought it was "Tiffy Hellman" this whole time
Is this ratchet logic the reason why newly added participants to groups cannot usually see group message history?
I love this guy.
Does Viber also use a double ratchet?
If I deleted the app in my device, does that mean I won't be able to read my previous messages even if I reinstall the app?
As long as you remember to save your backup phrase beforehand and also have a copy of your chat backup on your microSD
how do IM applications that allow you to use multiple devices keep data secure? or do they just have the server able to decrypt it? e.g. I can send someone an IM with Facebook Messenger on my phone, and then see their reply on my laptop?
robert moore They basically have to copy at least the keys between devices. Big companies like Facebook and Google probably do this by storing it on their servers. Less "successful" companies may ask you to transport it yourself so they can't spy on you.
Love your video!
Signal is sure easier to use than was PGP.
Vs traditional PGP who wins?
Signal Instant Messenger is by far the best choice. Whatsapp, Telegram, Viber -- these are not as good, even though at least one of them also uses the same double ratchet (called the Signal protocol in fact). For one thing, Signal doesn't record metadata about the messages. The servers only record two pieces of information per user: The datetime when the user signed up for the service, and the datetime of the most recent message send/receive by the user--not even to/from data. So no malicious government/hacker/corporation can ever get more than minimal information. Whatsapp stores full metadata. They know who talks to who and when, even if they don't know what's being said (which they might, if they alter the app on some seemingly innocuous update such that it ignores the double-ratchet). And they can correlate the metadata with all their other social graph info from Facebook/Instagram/Etc. Definitely a bad choice.
Whatsapp's backup and sync "feature" removes all the encryption and backs up the messages on their servers in plain text. So what's the point of their encryption, since pretty much everyone will have backup on by default, so even the messages you sent in Whatsapp will be backed up by the person you sent it to?
Whatsapp is going to implement encryption on Google Drive backups
Ratchets can't be turned backwards.
Me: Sends a message.
Whatsapp: Turns Ratchet and sends message.
Me: Deletes message.
Whatsapp: Surprised pikachu face
So, is messenger more secure than the NSA messaging app?
What?
Very cool
christmas came early!