Subj : Re: Matthew Green on Telegrams Encryption
To   : August Abolins
From : Wilfred van Velzen
Date : Thu Sep 19 2024 08:37:42

Hi August,

On 2024-09-18 18:45:00, you wrote to me:

 WvV>> But you have to be in each others neighbourhood to view/
 WvV>> compare it on each others phones.

 AA> Tg's choice of image type doesn't seem very useful to me.  The
 AA> pixelated-like image is too complex for easy comparison.

Indeed. They should at least used more colors. But that might hamper the color-blind...

 AA> A better system might be the series of emojis that Session uses for
 AA> verifying contacts.

I'm not familiar with that one.

 WvV>> I don't know if it's secure to make a screenshot and share
 WvV>> that in the secret chat?

 AA> Why not?

 ->

 AA> "After the secure end-to-end connection has been established,
 AA> we generate a picture that visualizes the encryption key for
 AA> your chat. You can then compare this image with the one your
 AA> friend has - if the two images are the same, you can be sure
 AA> that the secret chat is secure, and no man-in-the-middle attack
 AA> can succeed."

If there is a man in the middle he can change the picture or messages sent to the "correct" one.

 AA> Besides, a secret chat can only be launched from an established
 AA> contact, so.. the chances are that it's the same person is
 AA> pretty high.  :D   So.. perhaps there is practically no point
 AA> in having the image comparison at all.

If there is a man in the middle in the secret chat he will certainly already be in your system for the normal chat too...

But indeed the image isn't very usefull. The hex numbers also displayed, can for instance be compared in a life phone conversation. (unless you are talking to an AI generated voice on the other side, from the man in the middle ;-))


Bye, Wilfred.

--- FMail-lnx64 2.3.2.4-B20240523
 * Origin: FMail development HQ (2:280/464)

.