24

I have a presentation to make on Social Network Security. I have been doing some research regarding this.

I did a lot of searching, but was unable to find the Crypto Algorithm used by WhatsApp for end-to-end Encryption.

TRiG
Taha Kirmani

3 Answers

34

WhatsApp partnered with Open Whisper Systems for the cryptographic portions of messaging. The process involves a variation of Off the Record (OTR), Perfect Forward Secrecy (PFS), and the Double Ratchet Algorithm (DRA).

Open Whisper Systems has blog posts on cryptographic ratcheting, and their Signal Protocol Integration for WhatsApp.

TRiG
munkeyoto
  • Thanks a lot. Do Facebook or any other social sites also use any cryptography algorithms? – Taha Kirmani Apr 12 '16 at 12:06
  • 6
    @TahaKirmani here is a detailed article about those who are, and those who aren't using encryption http://recode.net/2015/12/21/is-your-messaging-app-encrypted/ – munkeyoto Apr 12 '16 at 13:14
  • 4
    "Do Facebook or any other social site also use any Cryptography algorithms?" -- They almost certainly use TLS! – Xiong Chiamiov Apr 12 '16 at 18:59
2

WhatsApp uses the Curve25519-based algorithm. The history of Curve25519 is worth noting, as it was introduced after concerns over allegations that certain parameters of the previously prevalent P-256 NIST standards had been manipulated by the NSA for easier snooping. The Elliptic Curve Diffie-Hellman algorithm is a mathematical algorithm which helps two communicating entities to agree upon a shared secret without actually sending the actual keys to each other. Even Facebook Messenger and Viber use this algorithm.

Refer to this for more information: https://www.linkedin.com/pulse/how-whatsapp-uses-end-encryption-ashish-bijawat

0

It uses a Message Key, which is generated by HMAC-SHA256, and the Message Key is protected by AES256 for end-to-end.

So basically, they use SHA256 for Message key to be delivered to the client and these keys are responsible for decrypting messages (actual). For key protection, they use AES256 in CBC mode for encryption of keys generally.

source

schroeder
  • 1
    Ok, but you've missed some important details. You've only described the ***session key***, which is just one part of the whole. – schroeder Jun 14 '20 at 14:07
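
The two building blocks named in the answers above, Curve25519 Diffie-Hellman and HMAC-SHA256 message keys, can be seen working together in this added example, which is not part of the original answers and is not WhatsApp's or Open Whisper Systems' code. The X25519 function follows RFC 7748 and the `0x01`/`0x02` ratchet constants follow the Signal symmetric-key ratchet; the function names and the label used to seed the chain are assumptions made for illustration.

```python
import hashlib
import hmac
import os

P, A24 = 2**255 - 19, 121665       # Curve25519 field prime and ladder constant (RFC 7748)
BASE = (9).to_bytes(32, "little")  # standard base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """X25519 per RFC 7748. Illustrative only: not constant-time."""
    n = (int.from_bytes(k, "little") & ~7 & ((1 << 255) - 1)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):  # Montgomery ladder, one step per scalar bit
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def public_key(private: bytes) -> bytes:
    return x25519(private, BASE)

def ratchet(chain_key: bytes):
    """One symmetric-ratchet step: returns (message_key, next_chain_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain

def message_keys(shared_secret: bytes, count: int):
    # Simplification (assumption): the chain is seeded with one HMAC under a
    # constructed label; the Signal Protocol uses HKDF over several DH outputs.
    chain = hmac.new(b"constructed-demo-label", shared_secret, hashlib.sha256).digest()
    keys = []
    for _ in range(count):
        key, chain = ratchet(chain)  # old chain key is discarded: forward secrecy
        keys.append(key)
    return keys

if __name__ == "__main__":
    alice, bob = os.urandom(32), os.urandom(32)  # private keys stay on each device
    s_a = x25519(alice, public_key(bob))         # only public keys are exchanged
    s_b = x25519(bob, public_key(alice))
    print(s_a == s_b, [k.hex()[:16] for k in message_keys(s_a, 3)])
```

Production code should use a vetted, constant-time library implementation rather than this pure-Python ladder.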