TechHive: D'oh! Basic flaw in WhatsApp could allow attackers to decrypt messages

TechHive TechHive helps you find your tech sweet spot. We guide you to products you'll love and show you how to get the most out of them.

Manage your social media Best social media tool for image publishing to Facebook and Twitter. Look amazing and delight your followers. Get 40% off when you sign up today. From our sponsors

D'oh! Basic flaw in WhatsApp could allow attackers to decrypt messages Oct 9th 2013, 14:35, by Lucian Constantin, IDG News Service The popular mobile messaging application WhatsApp Messenger has a major design flaw in its cryptographic implementation that could allow attackers to decrypt intercepted messages, according to a Dutch developer. The problem is that the same key is used to encrypt both outgoing and incoming streams between the client and the WhatsApp server, said Thijs Alkemade, a computer science and mathematics student at Utrecht University in the Netherlands and lead developer of the open-source Adium instant messaging client for Mac OS X. "RC4 is a PRNG [pseudo-random number generator] that generates a stream of bytes, which are xored [a crypto operation] with the plaintext that is to be encrypted. By xoring the ciphertext with the same stream, the plaintext is recovered," Alkemade said Tuesday in a blog post that describes the issue in detail. Because of this, if two messages are encrypted with the same key and an attacker can intercept them, like on an open wireless network, he can analyze them to cancel out the key and eventually recover the original plaintext information. To read this article in full or to leave a comment, please click here Media files: encrypt_primary-100022114-small.jpg

You are receiving this email because you subscribed to this feed at blogtrottr.com. If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions

• Tweet
• Share
• Share
• Share
• Share

Sign up here with your email