Questions tagged [end-to-end-encryption]
End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one else, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse.
113 questions
0 votes
0 answers
72 views
Not quite end-to-end encryption: encryption models where backend needs to do processing outside of a user session
I'm struggling to come up with a better encryption model for this scenario: User is mobile app user. Small (USA) company with small budget wants to store data encrypted at rest per user in cloud ...
0 votes
1 answer
105 views
Is this an effective scheme to store EEE key on browser client?
Application: For the application, I have a user password encrypted private-key, which is basically the root-key stored in servers. User is prompted for password when he logs in, it decrypts the private ...
5 votes
0 answers
269 views
Why ProtonDrive uses so many layers of encryption that look redundant
I read their security model which explains how they laid out all these layers. https://proton.me/blog/protondrive-security Files and folders are structured in a tree and called nodes. Each node (file/...
16 votes
2 answers
5k views
How did Israel intercept WhatsApp calls during Oct 7 2023?
Israel defence forces uploaded this conversation that happened between a Hamas terrorist and his family on Oct 7, 2023. He was on a WhatsApp call. How did Israel intercept these WhatsApp calls which ...
2 votes
2 answers
661 views
End-to-End Encrypted Proxy Using Password Protected Certificate
I have a thought experiment for the community, curious what everyone's take on it is, specifically what are the major flaws in the idea and how could those be addressed without significantly diverging ...
1 vote
1 answer
104 views
What does TG E2EE encrypted chat provide? Given its open source clients
Telegram server is not open source. Telegram clients are open source. Users can choose to use E2EE encrypted chat within themselves. User A knows User B in real life and they know each other's Telegram ...
1 vote
1 answer
145 views
Is it possible to perform input validation in a system with "true" end-to-end encryption?
Imagine there is a secret key, which is used for symmetric encryption. I.e.: anyone with this key can encrypt / decrypt a message. A service allows users to store a message under a certain filepath, ...
3 votes
1 answer
745 views
Browser-side caching of encrypted sensitive information in sessionStorage?
We are currently implementing envelope encryption to securely encrypt sensitive data (name, emails, phone numbers, photo, previous employers etc.) about our users. However, we are now thinking about to ...
1 vote
1 answer
356 views
How exactly does OpenPGP protect private keys?
Today it was time again to generate some new PGP key pairs that will be used for end-to-end-encrypted email. Now I'd like to know how exactly OpenPGP protects the private keys. What I have understood ...
1 vote
2 answers
430 views
Can the WhatsApp servers really not read our messages?
As WhatsApp uses Diffie-Hellman algorithm for a key exchange and SSL certification ensures the authenticity of its server for the end user like me. As per my understanding, messages first have to go to ...
1 vote
5 answers
376 views
Is it safe to derive the salt from the user's email/phone number when pre-hashing a password to be sent to a server?
I'm working on making an end-to-end encrypted app that will store sensitive mental health information. The goal is to make it completely impossible for someone with access to the server to see the ...
1 vote
0 answers
270 views
Encryption of calls and files in XMPP
I use Conversations, and my interlocutor is Monal (or another application for iOS (you can tell which is better)). I plan to use OMEMO for encryption. Are files and photos encrypted or not? Are calls ...
0 votes
0 answers
341 views
Where to store user private keys in a webapp? [duplicate]
I'm building a webapp where I want to encrypt user data. I've done A LOT of research about this. The main issue is that I want only users to be able to access their data. After reading countless ...
3 votes
1 answer
680 views
Benefits of the Double Ratchet protocol over the constant Ephemeral DH key exchange
I've been reading lately about the Double Ratchet protocol, how it works conceptually. I understand generally the idea behind the protocol, that it provides Forward Secrecy and Post-Compromise ...
0 votes
0 answers
275 views
How to implement secure E2EE for a managing App
TL;DR: Is it possible to create an end-to-end encrypted web application where newly created users are able to access data encrypted before their creation? My plan is to develop a (let's call it a ...