SECURITY: WhatsApp’s Encryption Embrace Is a Landmark Event.
An important factor in WhatsApp’s encryption push is the pedigree of the people behind the technology. The outfit is called Open Whisper Systems and it’s led by a very highly regarded cryptographer who uses the name “Moxie Marlinspike” and was once a key member of Twitter’s TWTR -0.23% security team (Twitter bought an earlier company of his, Whisper Systems, to beef up its own security).
Open Whisper Systems created an app called Signal that provides encrypted text messaging and voice calls (functions that were originally marketed on Android as TextSecure and RedPhone respectively). It is this technology that is now incorporated into WhatsApp, across all its mobile platforms — iPhone, Android, Windows Phone, Nokia S40, Nokia S60, Blackberry, and BB10.
The tech is state-of-the-art and uses clever tricks such as “forward secrecy” — each conversation uses a new key, so if an attacker steals the key, they cannot decrypt earlier conversations (a big problem with encrypted email). The code is open-source and has been audited. Users can even verify the security of their conversations by comparing their “security codes”. Snowden himself promotes it.
Sounds good — but you have to wonder that since Snowden is promoting it, does that mean his Russian hosts already have a skeleton key?