Reply to post: Re: "Ship! Come back!"

Wow, what a lovely early Christmas present for Australians: A crypto-busting super-snoop law passes just in time

Adam 1

Re: "Ship! Come back!"

WhatsApp is a closed source app that implements an open source protocol (Signal).

If they add the capability to generate a new group key-pair whenever requested by the server without authorisation within the app, then a systemic weakness has just been included that anyone who manages to pwn WhatsApp servers can now exploit.

You might as well just let the server manage the session keys.

And if you have ever run a Java decompiler (I have, but for the record, not on WhatsApp or any other application for which I did not have permission to do so), you would struggle to hide "if (request.Guid==magicGuid) return true;" inside the method responsible for collecting the user's consent. The bad guys would have that line NO-OPd within minutes of it being discovered, or they will just move on to whatever other app implements the Signal protocol but is based in whoknowswhere.
