Facebook Messenger will receive end-to-end encryption
Facebook has announced the e2e encryption feature for its instant messenger. True, unlike WhatsApp, Viber and Signal, it will not be enabled by default. For its instant messenger, Facebook went along the same path as Telegram and Google Allo, adding this feature as an option. The company plans to release a beta version of the Messenger application for smartphones, in which enhanced encryption will be present in the secret conversations mode.
The current year has become a real cryptographic boom, at first WhatsApp, which, by the way, belongs to Facebook, got the option of enhanced e2e encryption, then it came to Viber. Clouds over WhatsApp began to thicken a month before the managers announced the transition to the default strong encryption mode. The law enforcement agencies who wanted to get access to the message decryption function began to make complaints to the messenger. At that time, WhatsApp used a partial implementation of e2e encryption, available only to Android users.
')
Little is known about the future function of Facebook secret chats. Encrypted chat will be available only from one device that stores the decryption key, it will also not support the transfer of GIF-images and video files. However, it is known that the secure messenger protocol Signal (Signal protocol), which uses the Double Ratched protocol approved by experts, will be used to organize e2e encryption. The encryption protocol Signal was previously called Axolotl.
Thus, Facebook did not develop its own algorithm for e2e encryption, since it is a bad form and does not allow independent experts to analyze its security. That is why Open Whisper Systems' Signal protocol approved by security experts uses WhatsApp. One of the elements of the Signal protocol - Double Ratched also uses Viber. Previously known security experts criticized Telegram for its closed implementation of its own encryption protocol MtProto, which does not allow to verify its security.
The key feature of e2e encryption is that the private decryption keys of messages are not stored on the server side of the service, but on the user's device, which eliminates any possibility of their decryption by anyone else (of course, when implementing a reliable protocol). On the contrary, the “up to server” encryption function, which is used, for example, by Skype, allows the server to decrypt the messages sent by the private key itself. In the e2e encryption scheme, the server stores only information about the public keys of client encryption.
The current year has become a real cryptographic boom, at first WhatsApp, which, by the way, belongs to Facebook, got the option of enhanced e2e encryption, then it came to Viber. Clouds over WhatsApp began to thicken a month before the managers announced the transition to the default strong encryption mode. The law enforcement agencies who wanted to get access to the message decryption function began to make complaints to the messenger. At that time, WhatsApp used a partial implementation of e2e encryption, available only to Android users.
')
Little is known about the future function of Facebook secret chats. Encrypted chat will be available only from one device that stores the decryption key, it will also not support the transfer of GIF-images and video files. However, it is known that the secure messenger protocol Signal (Signal protocol), which uses the Double Ratched protocol approved by experts, will be used to organize e2e encryption. The encryption protocol Signal was previously called Axolotl.
Thus, Facebook did not develop its own algorithm for e2e encryption, since it is a bad form and does not allow independent experts to analyze its security. That is why Open Whisper Systems' Signal protocol approved by security experts uses WhatsApp. One of the elements of the Signal protocol - Double Ratched also uses Viber. Previously known security experts criticized Telegram for its closed implementation of its own encryption protocol MtProto, which does not allow to verify its security.
The key feature of e2e encryption is that the private decryption keys of messages are not stored on the server side of the service, but on the user's device, which eliminates any possibility of their decryption by anyone else (of course, when implementing a reliable protocol). On the contrary, the “up to server” encryption function, which is used, for example, by Skype, allows the server to decrypt the messages sent by the private key itself. In the e2e encryption scheme, the server stores only information about the public keys of client encryption.
Source: https://habr.com/ru/post/305316/
All Articles