Unless.įor user experience reasons, WhatsApp will actively re-encrypt and re-send undelivered (one-checkmark ✔) messages to device B with the newly created keys. When you install WA on device B, you will be taking ownership of your account again.Īt this point, it's not possible to decrypt messages sent to phone A.
The private keys are indeed stored on the user's device. WhatsApp has a known security design loophole. I am beginner, please correct me if my interpretation is wrong If the messaging service provider too had access to the private key, then they could read any sorts of information transferred between me and the receiver through the app.Īnd whatsapp claims the following in their signal protocol implementation So its pretty obvious that the private keys too are stored in the app's cloud. If the private key had been stored in device "A" then, I must not be able to read the messages from device "B" which I had sent through device "A", but I was able to !! I tired sending a few messages from device "A", switched it off, installed the sameĪpp in another device "B" and logged in with the same account. I am pretty much sure that the private key isn't stored in the user's device because , Its brilliantly designed and perfectly secure, but I doubt on its implementationsįamous messenger services like Whatsapp and Signal claim to have implemented theĮ2e messaging protocol for message privacy, but where are the private keys (of users) I have been learning the famous "SIGNAL MESSAGING PROTOCOL",
0 kommentar(er)
