WhatsApp End-To-End Encryption: What Is It & How To Use It?
WhatsApp is an application used by millions of people. This app has always been on radar of hackers and many other vulnerable apps. The most important thing that WhatsApp needed was a security that no one can break. Talking about security, the latest build of WhatsApp for Android comes with a number of features including showing users whether their messages are end-to-end encrypted, and it is also finally collapsing long messages.
WhatsApp is now end-to-end encrypted at all times. This will ensure that a user’s messages, videos, photos sent over WhatsApp, can’t be read by anyone else; not WhatsApp, not cyber-criminals, not law-enforcement agencies. Even calls and group chats will be encrypted.
WhatsApp asserts that only you and the people involved in your conversations can read your messages. No one, not even WhatsApp, can access them in route. Each message you send is secured with its own lock, with only you and your recipients having the key necessary to unlock. WhatsApp then claims to delete messages from its servers after they've been delivered.
Signs of end-to-end encryption are appearing all over. Users see a message appear inside of their conversations. An option has also appeared under the Security section of Settings.
What is end-to-end encryption and does it work?
WhatsApp is using “The Signal Protocol”, designed by Open Whisper Systems, for its encryption. Company has stated that “once the session is established, clients do not need to rebuild a new session with each other until the existing session state is lost through an external event such as an app reinstall or device change.”
The paper explains how messages are encrypted as well. It reads, “clients exchange messages that are protected with a Message Key using AES256 in CBC mode for encryption and HMAC-SHA256 for authentication. The Message Key changes for each message transmitted, and is ephemeral, such that the Message Key used to encrypt a message cannot be reconstructed from the session.” It also says that calls, large file attachments are end-to-end encrypted as well.
Note the ever-changing message key can mean a delay in some messages getting delivered, according to the paper. It should be noted that feature is enabled by default in WhatsApp, which means that if you and your friends are on the latest version of the app, all chats will be end-to-end encrypted. Unlike say Telegram where users have to start a secret chat to enable the feature, WhatsApp has the feature on at all times. Users don’t have the option of switching off end-to-end encryption.
How to use it?
The first important thing is that both the users need to be on the same versions of WhatsApp to ensure that their chats get end-to-end encrypted. If both the version are same and updated then this feature is by default active and your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages.
If you’ve recently updated the app, and you start a chat with someone else you are likely to see a message saying, “Messages you send to this chat and calls are now secured with end-to-end encryption. Tap for more info.”
Once you tap on the message, WhatsApp has a pop-up menu explaining what end-to-end encryption means. Users can verify if the encryption is working as well. If a user taps on verify, they will taken to a page with a QR code, followed by a string of 60 numbers. If your friend is nearby, take their phone scan the code from your phone (the option is there at the bottom of the same page) and if the QR code matches, then the chat is encrypted. When the codes match, a green tick appears; when it doesn’t there’s an exclamation mark in red alerting a user that the chat is not secure.
Conclusion:
I don't know how people will react to this feature. No doubt its one the best feature WhatsApp has when it comes to security but already based on previous experiences it will create another havoc between friends and family. I remember how friends and nearby family memebr reacted when one use to hide its 'status' or 'last seen'. And here now you are literally hiding (encrypting) your complete chat. God save such people. :)
Overall, good security. let me know your concerns and comments on how you liked this service and how it is helping you.
Cheers!!!
WhatsApp is now end-to-end encrypted at all times. This will ensure that a user’s messages, videos, photos sent over WhatsApp, can’t be read by anyone else; not WhatsApp, not cyber-criminals, not law-enforcement agencies. Even calls and group chats will be encrypted.
WhatsApp asserts that only you and the people involved in your conversations can read your messages. No one, not even WhatsApp, can access them in route. Each message you send is secured with its own lock, with only you and your recipients having the key necessary to unlock. WhatsApp then claims to delete messages from its servers after they've been delivered.
Signs of end-to-end encryption are appearing all over. Users see a message appear inside of their conversations. An option has also appeared under the Security section of Settings.
What is end-to-end encryption and does it work?
WhatsApp is using “The Signal Protocol”, designed by Open Whisper Systems, for its encryption. Company has stated that “once the session is established, clients do not need to rebuild a new session with each other until the existing session state is lost through an external event such as an app reinstall or device change.”
The paper explains how messages are encrypted as well. It reads, “clients exchange messages that are protected with a Message Key using AES256 in CBC mode for encryption and HMAC-SHA256 for authentication. The Message Key changes for each message transmitted, and is ephemeral, such that the Message Key used to encrypt a message cannot be reconstructed from the session.” It also says that calls, large file attachments are end-to-end encrypted as well.
Note the ever-changing message key can mean a delay in some messages getting delivered, according to the paper. It should be noted that feature is enabled by default in WhatsApp, which means that if you and your friends are on the latest version of the app, all chats will be end-to-end encrypted. Unlike say Telegram where users have to start a secret chat to enable the feature, WhatsApp has the feature on at all times. Users don’t have the option of switching off end-to-end encryption.
How to use it?
The first important thing is that both the users need to be on the same versions of WhatsApp to ensure that their chats get end-to-end encrypted. If both the version are same and updated then this feature is by default active and your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages.
If you’ve recently updated the app, and you start a chat with someone else you are likely to see a message saying, “Messages you send to this chat and calls are now secured with end-to-end encryption. Tap for more info.”
Once you tap on the message, WhatsApp has a pop-up menu explaining what end-to-end encryption means. Users can verify if the encryption is working as well. If a user taps on verify, they will taken to a page with a QR code, followed by a string of 60 numbers. If your friend is nearby, take their phone scan the code from your phone (the option is there at the bottom of the same page) and if the QR code matches, then the chat is encrypted. When the codes match, a green tick appears; when it doesn’t there’s an exclamation mark in red alerting a user that the chat is not secure.
Conclusion:
I don't know how people will react to this feature. No doubt its one the best feature WhatsApp has when it comes to security but already based on previous experiences it will create another havoc between friends and family. I remember how friends and nearby family memebr reacted when one use to hide its 'status' or 'last seen'. And here now you are literally hiding (encrypting) your complete chat. God save such people. :)
Overall, good security. let me know your concerns and comments on how you liked this service and how it is helping you.
Cheers!!!
No comments: