Let's talk more about how to secure communications between two or more users.
Open Whisper Systems libraries for C, Java, and JavaScript.
So much of our technology usage nowadays
has been communicating with other people.
0:00
There's the traditional email and
SMS, of course.
0:04
But there's also instant messaging like
Hangouts, social chat systems like Discord
0:06
and Slack, and more modern SMS
platforms like Signal and WhatsApp.
0:11
Aside from using TLS and SSL to ensure
a secure connection between the client and
0:15
the server, you should also consider
including end-to-end encryption and
0:19
forward secrecy.
0:23
Let's talk a bit about
how that would work.
0:24
In traditional cryptography discussions,
you'll usually encounter two users,
0:27
Alice and Bob.
0:31
We'll stick with those.
0:32
So Alice and
Bob are both using Treehouse Messenger.
0:33
When they signed up, the service
created for each of them a private and
0:36
public key pair.
0:39
Now when Alice tries to send a message to
Bob, her client sends a handshake to Bob's
0:40
client, a message that says hey, I'd
like to connect to you, here's who I am.
0:44
Bob's client checks the signature on the
handshake against Alice's public key, and
0:49
sends his own handshake back to her,
which she validates.
0:51
Now that they've verified
each other's identity,
0:56
they agree together on
a Shared Secret Key.
0:58
They'll both use that same key to encrypt
the messages they send to each other.
1:00
At this point,
we have a potential issue though.
1:04
If someone gains access
to either Alice's or
1:06
Bob's private keys, they can
impersonate them for future handshakes.
1:09
If they gained access to
the shared secret key,
1:13
they could decrypt the messages
each has sent with that key.
1:15
To prevent both of these, and to provide
something known as forward secrecy,
1:18
the messaging system should switch
the shared secret key often.
1:21
Sometimes this is as often
as with every message.
1:25
Our system could take Alice's and Bob's
message encryption a bit further too.
1:28
We can use the other party's public
key to encrypt the message before or
1:32
after it's encrypted with the secret key.
1:35
Decryption would then require both
the shared key and their own private key.
1:37
If you're interested in exploring
this further, Open Whisper Systems
1:42
have made Signal Protocol available
as an open source library for
1:45
C, Java, and JavaScript.
1:48
I've included links to them
in the Teachers' Notes.
1:49
Before we move on,
1:53
let's talk a bit more about this
forward secrecy thing I brought up.
1:53
If Alice and Bob always used the same
key to encrypt their communications,
1:56
if a new player, Carol,
gained access to that key,
2:00
she could read all of Alice's and
Bob's past and future communications.
2:03
In a system with forward secrecy though,
Alice and
2:07
Bob agree on a new shared secret key for
every time they talk to each other.
2:09
Now, if Carol gains access
to a shared secret,
2:13
she can only decrypt messages
sent using that key.
2:16
Any messages sent in future
conversations will be encrypted with a new
2:19
shared secret, so they're safe.
2:21
And messages from previous conversations
are also encrypted with a different
2:24
secret, so they're also safe.
2:27
Encryption and
hashing are all well and good.
2:29
But what about keeping people
out of the system to begin with?
2:31
In the next video, we'll talk about ACLs,
and no, that's not a shoulder injury.
2:34