
WhatsApp Security Whitepaper [pdf] - frankpf
https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf
======
dang
[https://news.ycombinator.com/item?id=11431108](https://news.ycombinator.com/item?id=11431108)

------
CiPHPerCoder
From what I can tell, the main difference between this and what Signal was
using as of December is:

\- WhatsApp uses AES-256 instead of AES-128 (both are CBC mode)

\- WhatsApp uses HMAC-SHA-256 instead of HMAC-SHA-1

I _think_ everything else is the same. (I need to re-read the Signal Protocol
specification later today to make sure.)

~~~
moxie
There is no difference, WhatsApp and Signal both use the Signal Protocol, and
the same code: [https://github.com/whispersystems/libsignal-protocol-
java](https://github.com/whispersystems/libsignal-protocol-java)

~~~
CiPHPerCoder
Oh, excellent.

(Last I checked it was still AES-128 and SHA-1, but that was before the name
change and I wasn't sure if it had changed. Glad to hear it has.)

------
d33
It's nice to see decent security turned into a product desired by the users! I
wonder which big platform is going to adopt this next :)

Is there any open-source Linux desktop implementation?

~~~
xlynx
No but there's a desktop web front-end which relays through your smartphone.
[https://web.whatsapp.com](https://web.whatsapp.com)

------
nickik
Do they use pinning for the Transport Layer? Apple seems to do that in their
newer versions. Or is their some reason why they should not?

------
l1feh4ck
end-to-end encryption protocol haa?

