2

I know that WhatsApp is using end-to-end encryption, but is the sender and/or receiver identity also encrypted in a different layer?
If so, is there any way to monitor the party IDs of a conversation through long-term sniffing?

David

1 Answer

1

WhatsApp's end-to-end encryption is based on the Signal protocol developed by Open Whisper Systems. An overview of the implementation of the protocol in WhatsApp can be found in this white paper.

According to the double ratchet algorithm documentation which is used by Signal:

The Double Ratchet algorithm is used by two parties to exchange encrypted messages based on a shared secret key. Typically the parties will use some key agreement protocol (such as X3DH) to agree on the shared secret key. Following this, the parties will use the Double Ratchet to send and receive encrypted messages.

The parties derive new keys for every Double Ratchet message so that earlier keys cannot be calculated from later ones. The parties also send Diffie-Hellman public values attached to their messages. The results of Diffie-Hellman calculations are mixed into the derived keys so that later keys cannot be calculated from earlier ones. These properties give some protection to earlier or later encrypted messages in case of a compromise of a party's keys.

It provides forward secrecy. It is a complex algorithm which has been studied by cryptographers and is being constantly improved.

As far as anonymity of the users goes, it does require a phone number to work, so I guess you are as anonymous as your phone number.

ARau
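The key derivation described in the quoted Double Ratchet passage, as an added example that is not part of the original answer and not WhatsApp's or Signal's code. It uses HMAC-SHA256 chain steps and an HKDF root step as the Double Ratchet specification recommends, and simplifies the DH ratchet to a single step; the toy Diffie-Hellman group, the `info` string, the shared secret and all function names are assumptions of this example.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group, for illustration only (an assumption of this
# example). Signal uses X25519; this keeps the code standard-library only.
P, G = 2**127 - 1, 3

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def _h(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def kdf_ck(chain_key):
    """Symmetric ratchet step -> (next chain key, message key)."""
    return _h(chain_key, b"\x02"), _h(chain_key, b"\x01")

def kdf_rk(root_key, dh_out, info=b"constructed-demo-info"):
    """DH ratchet step: HKDF-SHA256 with the root key as salt
    -> (new root key, new chain key)."""
    prk = _h(root_key, dh_out)           # HKDF-Extract
    t1 = _h(prk, info + b"\x01")         # HKDF-Expand, block 1
    t2 = _h(prk, t1 + info + b"\x02")    # HKDF-Expand, block 2
    return t1, t2

def run_session():
    # Constructed stand-in for the secret agreed by X3DH.
    root = hashlib.sha256(b"constructed shared secret").digest()
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    # Each side mixes the same DH result into the root key.
    root_a, ck_a = kdf_rk(root, dh(a_priv, b_pub))
    root_b, ck_b = kdf_rk(root, dh(b_priv, a_pub))
    sent, received = [], []
    for _ in range(3):                   # one fresh key per message
        ck_a, mk_a = kdf_ck(ck_a)
        ck_b, mk_b = kdf_ck(ck_b)
        sent.append(mk_a)
        received.append(mk_b)
    # Bob attaches a new public value: the next keys depend on a DH result
    # that someone holding only root_a and ck_a cannot compute.
    b2_priv, b2_pub = dh_keypair()
    next_a = kdf_rk(root_a, dh(a_priv, b2_pub))
    next_b = kdf_rk(root_b, dh(b2_priv, a_pub))
    return {"sent": sent, "received": received, "leaked_ck": ck_a,
            "next_a": next_a, "next_b": next_b}
```

A chain key leaked after message 3 only derives keys from message 4 onward, and those stop being valid once the next Diffie-Hellman value is mixed in; none of this hides who is talking to whom.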