undefined | Better HN

0 pointsbrainwad4y ago0 comments

The app can just leak your keys to a central database? Using code other people wrote/compiled always requires trust.

0 comments

upofadown4y ago

The three requirements for effective end to end encryption:

1. All cryptographic keys controlled by the users.

2. Some way to confirm you are actually connected to who you think you are connected to.

3. A way to confirm that the code you are running is not leaking keys/content.

tantalor4y ago

Could the OS lock down the app's permissions to prevent that?

Like, this app can ONLY send/recv e2e encrypted messages, and not log anything or talk to other apps.

brainwadOP4y ago

The app could still send your keys _as_ an e2e message (to the app author). OS enforcement would need to be pretty intrusive to stop this (e.g. a pop-up for every message sent, displaying the actual destination of the message). I bet users would get pretty blind to such pop-ups, and it would be easy to trick them into accepting the leaking of their private keys.

corin_4y ago

If you trust the OS, it could hypothetically be built into the OS such that the app only gives what needs to be encrypted to the OS and gets back an encrypted payload to send, then the app wouldn't need to access your keys?

Of course at that point the OS has to either provide good key management itself, or a good API so that the apps can still make things seamless while still not accessing the keys directly.. and probably other problems I haven't thought of.

1 more reply

tantalor4y ago

Yeah good point, for that matter you need to trust the app isn't cc'ing the FBI on every message you send.

j / k navigate · click thread line to collapse

0 comments

upofadown4y ago

The three requirements for effective end to end encryption:

1. All cryptographic keys controlled by the users.

2. Some way to confirm you are actually connected to who you think you are connected to.

3. A way to confirm that the code you are running is not leaking keys/content.

tantalor4y ago

Could the OS lock down the app's permissions to prevent that?

Like, this app can ONLY send/recv e2e encrypted messages, and not log anything or talk to other apps.

brainwadOP4y ago

corin_4y ago

1 more reply

tantalor4y ago

Yeah good point, for that matter you need to trust the app isn't cc'ing the FBI on every message you send.

j / k navigate · click thread line to collapse