And how does one verify that the public key received belongs to the intended party, rather than a mi...

feurio • yesterday at 11:21 PM • 2 replies • view on HN

And how does one verify that the public key received belongs to the intended party, rather than a mitm?

If the answer is blind trust in a third party that runs the messaging service then I suspect that you can guess what the people asking those questions are really asking.

Replies

danparsonson • yesterday at 11:31 PM

https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exc...

If Meta are turning it off then I guess it's reasonable to assume that there is something to turn off.

➕ show 2 replies

mrexcess • yesterday at 11:35 PM

> And how does one verify that the public key received belongs to the intended party, rather than a mitm?

Fingerprints. Again, this is like Crypto 101. Not saying that as a personal attack of any kind, I just remain incredulous that what used to be entry level knowledge in “our thing” has evidently become so obscure.

➕ show 1 reply

alt Hacker News

Replies