• 16 Posts
  • 2.08K Comments
Joined 3 years ago
cake
Cake day: June 30th, 2023

help-circle




  • here’s the problem: the public keys are all stored on someone else’s (3rd party) server. for whatsapp, they’re stored on whatsapp’s server. so if bob gets a message from alice, he has to read that message with alice’s public key, but he gets the key from whatsapp’s server. so whatsapp can do a man-in-the-middle attack quite easily by giving out a fake alice’s public key.

    Quite the misunderstanding here. The public and private keys don’t secure the message itself, they are a way of both parties arriving at the same secret for the message to use without sending the actual secret.