Mysk🇨🇦🇩🇪 on Nostr: .... 2/2 🧵 Users negotiate a shared key to start an encrypted conversation using ...
.... 2/2 🧵
Users negotiate a shared key to start an encrypted conversation using their public keys. After the negotiation phase, both the sender and recipient agree on a shared key to encrypt/decrypt messages in the conversation. Thus, every user has to trust that Twitter delivers the correct public key of the DM counterpart. Otherwise, an attacker can intercept the communication between one user and Twitter and act on behalf of the victim to negotiate the shared key with the DM counterpart. In the end, the attacker obtains the shared key and can decrypt [also alter and re-encrypt] the messages in the encrypted DM.
This major flaw does not disqualify the communication from being end-to-end encrypted. Twitter can easily overcome this flaw by letting users view the fingerprint of their own public keys.
#Privacy #Cybersecurity #InfoSec #Twitter #Security #E2EE
Link to the Platformer article:
https://www.platformer.news/p/why-you-cant-trust-twitters-encrypted
Users negotiate a shared key to start an encrypted conversation using their public keys. After the negotiation phase, both the sender and recipient agree on a shared key to encrypt/decrypt messages in the conversation. Thus, every user has to trust that Twitter delivers the correct public key of the DM counterpart. Otherwise, an attacker can intercept the communication between one user and Twitter and act on behalf of the victim to negotiate the shared key with the DM counterpart. In the end, the attacker obtains the shared key and can decrypt [also alter and re-encrypt] the messages in the encrypted DM.
This major flaw does not disqualify the communication from being end-to-end encrypted. Twitter can easily overcome this flaw by letting users view the fingerprint of their own public keys.
#Privacy #Cybersecurity #InfoSec #Twitter #Security #E2EE
Link to the Platformer article:
https://www.platformer.news/p/why-you-cant-trust-twitters-encrypted