It's scary to think about how one day Alice or Bob may die and then all communication protocols will need to be reworked...

For the avoidance of doubt, Facebook messenger does not use this (or any form of end-to-end encryption) in normal messenger conversations; it is only used when you start a "Secret Conversation".

*All the encryption processes* Bob to Alice: "Sup?"

So finally it’s recommended by KZbin 🙂

Man I love these videos. Learn so much! Thank you

I had no idea that instant messaging was so complicated, learn something new every day. Thanks for taking the time to educate us pleb's. :D

I used to teach my students via WhatsApp, but we've now fully switched to the SIGNAL messaging app and are having a great experience.❤️🌹

I see Dr. Pound, I click.

Signal's safety number isn't one hash of both keys; it's a hash of each key, so a pair of fingerprints, sorted so it looks the same on both screens. One half is always your fingerprint.

Dr. Mike Pound is the best in explaining!

Finally some attention for Signal and OWS!

Dr Mike has a perfect record of putting me and my trivial skills in my place. He definitely got me after the first two public keys.

Zucc disapproves.

Excellent, I was hoping you'd cover the ratchet mechanisms built into the protocol, but I see they're coming in the next video. Thank you for spreading awareness!

It's time that this guy takes over the channel

I LOVE how Dr. Pound explains stuff in lay people terms.

Why is it called triple Diffie-Hellman if it uses four Diffie-Hellmans?

Signal

i have a question: what happens in group messaging? like in whatsapp groups? if everyone is end-to-end encryped with everyone how can i read what happens between 2 group members?

So there's only a finite amount of backlog messages that the server can receive for me when I'm offline, since there's a finite number of one-time keys that it has for me?

Very informative! Didn't knew end-to-end is so complicated!

Everywhere I go, Alice and Bob have been there first.

Anyone after new terms of WhatsApp?

what about group chats? How are encryption keys generated in a group chat. What happens when you add a member or remove a member from the group. Does the whole key change? This would make a very informative video

Thanks for making this video. I'm always looking for better ways to try and explain the Signal Protocol to other people, and this makes an excellent starting point. I've personally focused so much on the ratcheting process (hopefully to be covered well in the next video) that I've almost forgotten about the nuances of the session setup process.

I saw a guy do a Triple Diffie Helman at the Coney Island pier years ago...

I'm feeling very thick after listening to this...

the two dislikes are from some men in the middle

Who else is watching this in 2021? suddenly super relevant!

I think the only people who follow this guy already know the subject.

Signal needs to be more popular, I hate using messenger, sms to communicate with friends.

Dr. Pound. What a name.

Awesome video. Would appreciate one on the KDF.

Usually you will be prompted forced to use a different means of identification, typically your cell number, when you register, and the app will verify this by sending you a message via your mobile network. This is also an out of band identity verification. It is somewhat compromised by burner phones which are now also (cheap) smart phones...

The protocol has been extended to support "multi-device" on whatsapp, it might be super interresting to learn how that changes the game, how it is still possible to verify each other ver-changing bundle of devices on each end of the line and what prevents new rogue devices to be forefully "added" to people bundle, as well as how to device enrollement is secured.

Hi amit from india active user of Signal Private Messenger. The messenger is awesome because it offers me full control over my messages. The best part is that it has a lot of advanced features like 'disappearing messages', 'screen lock', 'incognito keyboard', 'read receipts', 'message trimming' etc.

Thanks for sharing this amazing explanation!

Shouldn't it be possible to do key exchange for a new contact with a one-time message over the phone network, skipping the privately owned server? Then you could verify each other based on the phone number.

The Matrix protocol (and the Riot messenger) is my choice!

Please consider allowing automatic captioning. Thank you!

Talk about the double ratchet!

He's a really great teacher.

If Android and iOS are keylogging or the application installed is doing keylogging it does not matter if the data is encrypted when transferred out of your phone because at the side you clear text is encrypted and sent to the total surveillance network...

Anyone after change in WhatsApp Privacy Policy & everyone switching to Signal and Telegram?

How does the protocol work for multiple devices? Like Whatsapp Web or the signal desktop app?

One day, the University of Nottingham will run out of dot matrix printer paper, and there will be no more Computerphile videos. And then we'll all be sad. :(

So I assume we would have one pre-key bundle for each conversation, is that right?

1:52 How does that work? does Bob produce a second public key and encrypt it with the private key from the identity key?

Bring forth the true Signal Protocol!

Guys could you do it a video on RSA? It would be interesting to see how it is used in the real world (with real examples), and also I am doing a project on it so it would be really helpful :D

So to ensure IP_kB belongs to Bob, you had to do it out of band, most likely meeting in person. Then, why not just form a shared key, or a sequence of shared keys at that point? I guess the advantage of doing it this way is so that the OP_kB can be updated with more keys without meeting out of band again after the first time...

I would love to see outtakes of these videos :D

So, ”security codes” are the PGP equivalent of sharing key fingerprints in person. Is there something similar to a web of trust (or a “strong set”) in Signal?

Hey, I got a bit lost around 8:30, where you are talking about how the server combines the two identity keys. I don't quite understand how that helps ruling out man-in-the-middle attacks. Shouldn't we also incorporate the signed versions and and check them? Cheers

4 years and the next part is still "coming soon"...

Why not just use Bob's public key to encrypt the messages? To mitigate the problems of private keys being leaked?

I have a great idea for total private communications. I hate to say it here for fear it may get stolen, but I'm going to say it anyway. What if we started a business where we wrote things on paper and took them to a place where a person would deliver it to the person you're reaching out to. We could charge for each paper delivered, kinda like Uber but for papers.🤔

Oh boy this video is gonna blow up now again

Is this the same concept as secure business communications with public and private keys, and if not how do does one go about learning this thanks.

Dr. Mike mentioned Signal in 2018, how cool is that?

Thanks for the explanation!

We are using MyChat enterprise messenger at the office. It does not require a phone number and can work without the Internet. Perfect for us for now. It also has own server, so... heck no more public messengers :D

I am not sure if "WhatsApp" was there in the video title earlier :\

What's the difference between the safety number and a siganture?

The safety number isn't generated by a hash function. It's actually just the concatenation of a part of each party's identity key fingerprint (lesser part first). You can check this for yourself by comparing your safety numbers from two different conversations. Half of the digit string will be the same in every conversation on your phone. That half corresponds to your identity key.

private key and public key both are generated by the app, it mean app knows how to generate the private key and all the terminology, it is possible to break this encryption by that creator who make the app or who have all the control , is that not true generating the keys by the app may be store in the server at that time

Major key alert 🔑 Ans another one 🔑

So if I understand this correctly if there is a man in the middle, the safety numbers will not match up, and if they do, there is a guarantee that there is no such attack? A man in the middle could also only drop and replay messages, but not read them due to the encryption, correct?

How do these guys know everything.

Also, does the security number prevent a man in the beggining attack, where somone hijacks the initial handshake with the server?

Oooo sneak preview of the next episode in the end credits

What does the multiple DH do that isn't already achieved by Bob and Alice signing each of his ephemeral public keys and destroying the ephemeral private keys after one use?

how does alice receive the identity key of bob, isnot private key supposed to be kept with him only? @ 3:30

It may be safe against other parties doing the MITM attack, but nothing stops the actual service(For example WhatsApp) to do MITM on the messages. The only way to verify is with the "security key", but nothing is stopping WhatsApp from just generating a number, sending it to both phones and displaying that number.

Neat stuff but can we talk about what's happening on that whiteboard? I see a line formula the rest doesn't seem to correlate...

A question for you: Why can't we just open whatsapp-web and do whatsapp on the computer without an internet connection on the phone?

Hypothetically speaking, if the client is not open source and installed from source itself and we do not verify the safety number off the band, people controlling Signal could man in the middle attack us if they were so inclined. Thankfully we can install from source and also verify the safety numbers so its not an issue. Again hypothetically speaking Signal servers could be setup such that it only attempts man in the middle attack from Playstore but not the ones installed from source. Please correct me if I have misunderstood the way this works.

A technical explination for how SIMP's work

you've killed my trust on the messaging communications hh

Wow. So informative I had to join

just answer me one question if the signal is open source then how it can be end-to-end encrypted ???

Signal does this key exchange for every message, right? Is it possible to only do the key exchange once or to do it via SMS (no server)? I miss being able to text without data.

At 5:53 I didn't got which keys are used to perform Diffie-Helman? for 1: a = IPKA (Private) ? b = SPKB (Private) ? g = IPKA (Public)? n = SPKB (Private)? So the Public Keys from the Pre-Key-Bundle are used as the public variables? Is that the Idea?

And, that's how it came to be that Bob's your uncle and Alice you aunt!

Do a video on the matrix protocol!

@Computerphile You could explain Matrix (matrix.org)

How about the new packet protocol from Google that’s about to become a new standard for internet traffic?

And if you are using whatsapp, your private keys will be forwarded to the NSA. Or will they not? How will we ever know if it is closed source. And that's why cool kids use XMPP with conversations or quicksy.

you better use whiteboard rather than paper. great explanation

I understand now.

What were you working on that necessitated drawing a block of wood on the whiteboard?

How do we know if the safety number itself is even generated correctly?

what does this give over simply using OpenPGP?

Whattsapp is using entd-to-end encryption? Moxie Marlinspike also sais they used actually the signal protocol. But how do you know? Whattsapp is not open source so what if the "safety number" is just a phantasy number displayed on both clients (but not related to the actual keys)? Whattsapp can still play the man in the mitle using their proprietary server software? why should i trust this companys PR? is there a proof of what they do (or certainly not do) on the server? they are the generators of the keys. What about the ECDH backdoor used by whattsapp? Is it possible calculate a hash of the running binary and compare it to a self compiled piece of open source code?

Is it Leonard from Big bang theory?

Can I just call my friend and verify it’s him instead of security keys?

Threema is so 👍 Deimler uses it in house. Try it out.

How does / how do chat clients like "Slack", or the Open Source GitHub project "Mattermost" etc do security ?

Does Snapchat use Signal Protocol for their videos and photos??

I'm having problems sending files. Tried to send an audio file but it keeps failing.