Things to know about WhatsApp Encryption New Feature

Yesterday WhatsApp launched end to end encryption service for its users. Now, most of them are getting this feature and most of them are not. The general idea behind this encryption technology is a more secure messaging.

What is end-to-end encryption?

Many messaging apps only encrypt messages between you and them, but WhatsApp’s end-to-end encryption ensures only you and the person you’re communicating with can read what is sent, and nobody in between, not even WhatsApp. This is because your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages.

The Signal Protocol, designed by Open Whisper Systems, is the basis for WhatsApp’s end-to-end encryption. This end-to-end encryption protocol is designed to prevent third parties and WhatsApp from having plaintext access to messages or calls. What’s more, even if encryption keys from a user’s device are ever physically compromised, they cannot be used to go back in time to decrypt previously transmitted messages.

Call Setup

WhatsApp calls are also end-to-end encrypted. When a WhatsApp user initiates a call:

  1. The initiator builds an encrypted session with the recipient (as outlined in Section Initiating Session Setup), if one does not already exist.
  2. The initiator generates a random 32-byte SRTP master secret.
  3. The initiator transmits an encrypted message to the recipient that signals an incoming call, and contains the SRTP master secret.
  4. If the responder answers the call, a SRTP encrypted call ensues.

 Verifying Keys

you need to know about WhatsApp encryption

WhatsApp users additionally have the option to verify the keys of the other users with whom they are communicating so that they are able to confirm that an unauthorized third party (or WhatsApp) has not initiated a man-in-the-middle attack. This can be done by scanning a QR code, or by comparing a 60-digit number.

The QR code contains:

  1. A version.
  2. The user identifier for both parties.
  3. The full 32-byte public Identity Key for both parties.

Criticism on the encryption technology

The FBI and other law enforcement agencies believe that stronger encryption protocols may allow criminals and terrorists to communicate with impunity. But can we risk the privacy of 1 Billion WhatsApp user, that is still an open question.

Also, an article in Livemint.com said that WhatsApp is not encrypting everything. Buried in the fine print is this line: WhatsApp may retain date and time stamp information associated with successfully delivered messages and the mobile phone numbers involved in the messages, as well as any other information which WhatsApp is legally compelled to collect.”

Which basically means even if the content is not being recorded, it’ll still leave plenty of information to identify you.

Why you are not getting this feature?

The only reason you may not have this feature is because your WhatsApp is outdated. So, update it and enjoy the secure messaging.

Leave a Reply