This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of
Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join
the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles
This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of
computers,
computing, and
information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join
the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles
This article is within the scope of
WikiProject Open, a project which is currently considered to be inactive.OpenWikipedia:WikiProject OpenTemplate:WikiProject OpenOpen articles
This article is within the scope of WikiProject Technology, a collaborative effort to improve the coverage of
technology on Wikipedia. If you would like to participate, please visit the project page, where you can join
the discussion and see a list of open tasks.TechnologyWikipedia:WikiProject TechnologyTemplate:WikiProject TechnologyTechnology articles
This article is within the scope of WikiProject Software, a collaborative effort to improve the coverage of
software on Wikipedia. If you would like to participate, please visit the project page, where you can join
the discussion and see a list of open tasks.SoftwareWikipedia:WikiProject SoftwareTemplate:WikiProject Softwaresoftware articles
This article is within the scope of WikiProject Telecommunications, a collaborative effort to improve the coverage of
Telecommunications on Wikipedia. If you would like to participate, please visit the project page, where you can join
the discussion and see a list of open tasks.TelecommunicationsWikipedia:WikiProject TelecommunicationsTemplate:WikiProject TelecommunicationsTelecommunications articles
I have put in that whatsapp, google allo, and facebook claim to use this protocol, because I think it's significant to know the difference between the implementation in apps which are open source and are studied, and the claims of proprietary closed source clients (apps), which might reveal a user's private keys without the user's knowledge, and thus depend entirely on believing Facebook, or Google, who do have an economic interest in knowing the content of the user's communications.
Brinerustle (
talk)
08:12, 23 December 2016 (UTC)reply
Are you able to provide
reliable sources that discuss this? Saying that WhatsApp, Facebook Messenger and Google Allo "claim" to use the protocol implies that their statements' credibility has been called into question (see
WP:CLAIM). Unless you can provide reliable sources that have called into question their statements' credibility, then we should not imply that this has happened. There is currently no evidence of these companies revealing their users' private keys without their users' knowledge. In order to maintain a
neutral point of view and avoid
original research, we should use clear, direct language, and let
verifiable facts alone do the talking. Keep in mind that, in determining proper weight, we consider a viewpoint's prevalence in reliable sources, not its prevalence among Wikipedia editors or the general public (see
WP:WEIGHT). --
Dodi 8238 (
talk)
09:08, 23 December 2016 (UTC)reply
I disagree with the above interpretation of
Brinerustle's use of "claim" in this case. The relevant section (per my reading) of
WP:CLAIM states: "To write that someone asserted or claimed something can call their statement's credibility into question, by emphasizing any potential contradiction or implying a disregard for evidence." To state that use of "claim" can call someone's credibility into question does not mean that such use implies such a questioning. In this particular case, the claim is one about an implementation of software solely controlled by the entity making the claim, since that entity has exclusive access to both the software's source code and to it's build process. No such claim can be verified by any outside party. Other parties can, by observing the action of the software at runtime, attempt to verify that the software performs according to the protocol its controlling entity claims it implements; but without access to the source code and the build process, no one can demonstrate that the software implements the protocol *correctly* and without any bad behavior. The claim is made in absence of evidence (the only possible evidence is actively withheld by the claiming parties), so IMO the mere statement that the various products implement the protocol is a "claim".
Koanhead (
talk)
02:52, 29 December 2017 (UTC)reply
Exactly. What is currently missing is evidence for the statement "it has since been implemented". I agree that there is no evidence for the private keys being exposed, but there is also no evidence for the implementation. It needs restating, I will give it another go.
Brinerustle (
talk)
09:42, 14 April 2018 (UTC)reply
Add Encryption Protocols information
The following is a quote from the Wiki article on Signal [1], which is the first software that implemented the Signal Protocol --
"Signal messages are encrypted with the Signal Protocol (formerly known as the TextSecure Protocol). The protocol combines the Double Ratchet Algorithm, prekeys, and a Triple Diffie-Hellman (3XDH) handshake. It uses Curve25519, AES-256, and HMAC-SHA256 as primitives."
This information needs to be added to this article. I believe the format for such information has already been established.
Are there any countries that restrict the export and import of technologies using the protocol? If so, that information should be added to this article.
Squideshi (
talk)
22:35, 30 March 2019 (UTC)reply
The history section could be updated with the new extension and pretty much all the content of the PQXDH article could be copied over, maybe trimmed a little but not much.
Alpha3031 (
t •
c)
14:58, 27 October 2023 (UTC)reply