End-to-end Message Encryption
HTML-код
- Опубликовано: 26 июл 2024
- System Design for SDE-2 and above: arpitbhayani.me/masterclass
System Design for Beginners: arpitbhayani.me/sys-design
Redis Internals: arpitbhayani.me/redis
Build Your Own Redis / DNS / BitTorrent / SQLite - with CodeCrafters.
Sign up and get 40% off - app.codecrafters.io/join?via=...
In this video, I explained the concept of end-to-end encryption using a basic example involving parties A and B exchanging messages securely. By utilizing public key cryptography, messages were encrypted with the recipient's public key and decrypted using their private key, ensuring only the intended recipient could read the message. Additionally, the use of digital signatures helped verify the sender's identity. This simple encryption method showcased the importance of maintaining privacy in communication channels, albeit simplified compared to complex systems like WhatsApp or Signal.
Recommended videos and playlists
If you liked this video, you will find the following videos and playlists helpful
System Design: • PostgreSQL connection ...
Designing Microservices: • Advantages of adopting...
Database Engineering: • How nested loop, hash,...
Concurrency In-depth: • How to write efficient...
Research paper dissections: • The Google File System...
Outage Dissections: • Dissecting GitHub Outa...
Hash Table Internals: • Internal Structure of ...
Bittorrent Internals: • Introduction to BitTor...
Things you will find amusing
Knowledge Base: arpitbhayani.me/knowledge-base
Bookshelf: arpitbhayani.me/bookshelf
Papershelf: arpitbhayani.me/papershelf
Other socials
I keep writing and sharing my practical experience and learnings every day, so if you resonate then follow along. I keep it no fluff.
LinkedIn: / arpitbhayani
Twitter: / arpit_bhayani
Weekly Newsletter: arpit.substack.com
Thank you for watching and supporting! it means a ton.
I am on a mission to bring out the best engineering stories from around the world and make you all fall in
love with engineering. If you resonate with this then follow along, I always keep it no-fluff.
Thanks, Aprit! Fabulous work. Waiting for part 2
Thank youu. Great explanation
Awesome work, Arpit! It was very concise, clear, to the point. ✌️Looking forward to more such informative sessions. Thanks.
Great video keep up the good work man❤️
Nice stuff👍👍
Well explained 👍
Awesome video 📹
Thanks for this useful insight!
Any idea of how end-to-end encryption works in case of group messages?
to make things simple 9:43 SSL is bounded to the transport layer, application sits in the application layer(Layer 7 OSI,Layer 5 TCP/IP)
Could you cover the scenarios where the digital certificates stored at A & B end users have to be updated post expiry? How this flow is handled in real world.
❤❤❤❤❤❤❤❤❤❤
Arpit, at 7:00 how can B verify the message is sent by A just by decrypting the digital signature part with A's public key. I believe it also needs to compare the decrypted text with the hash of message it has received
B is not decrypting the signature B is using A's public key just to verify the digital signature.
Messages to/fro Whatsapp server should be sent over TCP Protocol rather than HTTPS as Whatsapp must be using Websockets for faster two way communication with its clients.
Nice 2:18
If the private key is not even uploaded to the server and it's in our local mobile/browser database then how whats app decrypt the message when we install it on any other device?
In my opinion WhatsApp does not do full end to end encryption. Because, in case of Telegram encrypted messages cannot be recovered if telegram is uninstalled.
Also, chat backups stored in WhatsApp are unencrypted.
but, what about that if i delete my app? all keys will be gone- what's the solution for that?
how do 'A' knows B's public key, What if someone pretends B and the message will be sent to Someone
Public Keys are delivered via Server and entire connection between A to Server and Server to B and viseversa are Encrypted so, no one can be imposter because both A and B trust Server to exchange Public Keys.
Arpit, just wanted to know if end-to-end really works, then how come people's chat got revealed? I mean we all have seen this in India many times.
There is no way for someone to get messages from a truly end-to-end encrypted system. If they are encrypted using irreversible Signal Protocol then they can get hold of one or max 2 messages but not more than that.
Because even servers/db does not have raw data.
In case of celebrities, the case which happened recently, investigation team had taken their phones. They had deleted chats but they some how recovered them from unused memory. Ultimately, they read conversations from one end of end-to-end system.
Because chat backups are not encrypted (At least for whatsapp) and they can be downloaded from Google Drive/iCloud in plain text. Most of the time people have auto-backup turned on, investigation agencies must have got hold of these backups.
Because once the agencies get hold of mobile phones messages were sent from i guess they can get hold of private key too