
Ask HN: Is secure messaging mainly a usability problem? - brhsiao
Suppose we wanted to stop the NSA from spying on us. The obvious solution would be encryption. I am then led to understand that basically you should just use PGP and TLS.<p>If we could get everyone in the world to communicate through an open-source channel secured by these two cryptosystems, would that stop third-party snooping? More generally, is there a technical&#x2F;mathematical solution to this problem that the world just isn&#x27;t on board with, or is there more?
======
brudgers
Encryption isn't an obvious solution in a world where three letter agencies
have the financial and technical wherewithal to PWN my devices and manipulate
the entropy pool. I'll put on my tinfoil hat and imagine how many man-years
agencies foreign and domestic have devoted to breaking cryptography since 1930
and the level of commitment patriots have to doing what they believe is
patriotic before I evaluate the likelihood that commercial and amateur
interests have the will and resources to thwart state level actors.

The problem of secure messaging is that there are exponential mismatches of
resources. PGP and TLS are only as good as the entropy pools upon which an
implementation relies.

Good luck.

------
mesquka
So to answer your question, the problem is a usability one.

------
mesquka
Take a look at Signal be Open Whisper Systems - biggest problem with signal is
that in order for you to verify the other parties identity in a fully
trustworthy manner, you'd need to verify your keys in person.

~~~
mesquka
The main issue with WhatsApp is the lack of warning when someone's keys change
and the fact that you have no guarantee that the noise protocol is implemented
end to end as it's impossible to check the source (decompiling/reverse
engineering aside)

