[–] CiPHPerCoder 10y ago ↗ From what I can tell, the main difference between this and what Signal was using as of December is:- WhatsApp uses AES-256 instead of AES-128 (both are CBC mode)- WhatsApp uses HMAC-SHA-256 instead of HMAC-SHA-1I think everything else is the same. (I need to re-read the Signal Protocol specification later today to make sure.) [–] aorth 10y ago ↗ The WhatsApp paper also mentions that they are using AES-GCM for message transit (Client A → WhatsApp server, I guess). [–] moxie 10y ago ↗ There is no difference, WhatsApp and Signal both use the Signal Protocol, and the same code: https://github.com/whispersystems/libsignal-protocol-java [–] CiPHPerCoder 10y ago ↗ Oh, excellent.(Last I checked it was still AES-128 and SHA-1, but that was before the name change and I wasn't sure if it had changed. Glad to hear it has.)
[–] aorth 10y ago ↗ The WhatsApp paper also mentions that they are using AES-GCM for message transit (Client A → WhatsApp server, I guess).
[–] moxie 10y ago ↗ There is no difference, WhatsApp and Signal both use the Signal Protocol, and the same code: https://github.com/whispersystems/libsignal-protocol-java [–] CiPHPerCoder 10y ago ↗ Oh, excellent.(Last I checked it was still AES-128 and SHA-1, but that was before the name change and I wasn't sure if it had changed. Glad to hear it has.)
[–] CiPHPerCoder 10y ago ↗ Oh, excellent.(Last I checked it was still AES-128 and SHA-1, but that was before the name change and I wasn't sure if it had changed. Glad to hear it has.)
[–] d33 10y ago ↗ It's nice to see decent security turned into a product desired by the users! I wonder which big platform is going to adopt this next :)Is there any open-source Linux desktop implementation? [–] xlynx 10y ago ↗ No but there's a desktop web front-end which relays through your smartphone. https://web.whatsapp.com
[–] xlynx 10y ago ↗ No but there's a desktop web front-end which relays through your smartphone. https://web.whatsapp.com
[–] nickik 10y ago ↗ Do they use pinning for the Transport Layer? Apple seems to do that in their newer versions. Or is their some reason why they should not?
9 comments
[ 4.9 ms ] story [ 39.7 ms ] thread- WhatsApp uses AES-256 instead of AES-128 (both are CBC mode)
- WhatsApp uses HMAC-SHA-256 instead of HMAC-SHA-1
I think everything else is the same. (I need to re-read the Signal Protocol specification later today to make sure.)
(Last I checked it was still AES-128 and SHA-1, but that was before the name change and I wasn't sure if it had changed. Glad to hear it has.)
Is there any open-source Linux desktop implementation?