As the world gets more cautious on matters cyber-security, certain terms get thrown around a lot. One such term is end-to-end encryption, aptly abbreviated as E2EE. Encryption is the process of converting information or data into a code, especially to prevent unauthorized access. End-to-end encryption, therefore, is a system of communication where only the communicating users can read the messages. These systems are designed to defeat any attempts at surveillance or tampering because no third parties can decipher the data being communicated or stored.
WhatsApp, Telegram, Viber, Skype and just about any other Instant Messaging app out there now boasts of some form of end-to-end encryption to counter surveillance by government agencies or any other snooping eye out there. So how does this work? How does end-to-end encryption work?
How does end-to-end encryption work?
In this case, we shall look at how WhatsApp implements its E2EE. WhatsApp is using “The Signal Protocol”, designed by Open Whisper Systems, for its own encryption. WhatsApp tried to explain the technical details of the end-to-end encryption in their White Paper. The Instant Messaging platform says that “once the session is established, clients do not need to rebuild a new session with each other until the existing session state is lost through an external event such as an app reinstall or device change.”
The paper also explains how messages are encrypted; It reads in part, “clients exchange messages that are protected with a Message Key using AES256 in CBC mode for encryption and HMAC-SHA256 for authentication. The Message Key changes for each message transmitted, and is ephemeral, such that the Message Key used to encrypt a message cannot be reconstructed from the session.” It also says that calls, large file attachments are end-to-end encrypted as well. It is okay if none of that made sense to you. I didn’t understand half of it either.
It is, however, important to note that the ever-changing message key means you might occasionally run into certain hickups. This could be anything from delayed delivery of messages to, in certain cases, loss of messages altogether.
End-to-end encryption and encryption altogether is meant to keep people’s data private. Many people ask whether they really do need E2EE in their chats. Truth is we might need E2EE less often than we do. However, if you mostly send sensitive content on your IM services, it is an added peace of mind to know that your data is not going to be intercepted before it gets to its destination. It is also reassuring to note that most platforms don’t allow you to turn off E2EE, so you are always protected, whether you like it or not.
Featured Image courtesy of Medium