In the last few years phones and apps have been touting themselves as better than other phones/services because their messaging has end-to-end encryption, or some other variant of secure messaging. Why do we care?
Edit: Thanks for the answers, everyone!
In: 140
I only went through the top five, but they are all wrong. I have some experience in this. Maybe even a patent or two.
Proper encryption is difficult and generally requires a really complex way of exchanging keys with one another. So, setting up these key pairs (actually quads) between each party you talk to is computationally difficult.
It’s WAY easier to set up a secure link between you and a central server (e.g. imesssge) and another secure link from the central server to your friend. Third parties, even governments, can’t read the messages even if they can intercept them (and they can) because they are encrypted between you and the server and your friend and the server.
BUT, in this system, the messages ARE legible to that central server because the keys were just between you and the server. A government COULD (and does) force the owner of that central server to reveal the contents of the messages.
When using end-to-end encryption, however, the keys are exchanged end point to end point and the central server is just a relay – it can’t read the contents. So even if a government compels the owner of that central server, they (presumably) can’t provide the contents of the conversation even if they wanted to.
But the key exchange complexity to do this reliably increases exponentially, which is why most systems still use the central server relay method.
Latest Answers