• DarkenLM
    link
    fedilink
    11 year ago

    True E2EE? Only if you get the key. If they have a backdoor, then it’s trivial.

    • @Aceticon
      link
      English
      5
      edit-2
      1 year ago

      There are ways:

      • The encryption protocol might have a weakness
      • One or both of the devices might be compromised
      • The actual application design might have a weakness
      • The actual application might be conpromised (i.e. on purpose rather than an unknown design flaw)
      • The mechanism for generating the actual keys might have a weakeness (for example, for a while the symetrical key generation for HTTPS in the Mozilla browser was a lot less random than it was supposed to be so those connections were a lot easier to crack)
      • The mechanism for distributing the keys might have a weakness

      Ultimatelly the one trully safe encryption mechanism is the One Time Pad, and that requires a key as long as the message (hence why seldom used) distributed in a safe way (for starters, never over a public network) and there’s still the whole “compromised device” and “compromise application” risks (though implementing the One Time Pad protocol is stupidly simple)