Creating the secure key pairs used for true E2EE requires a mathematical foundation of true randomness, which can only be achieved on a device by working with the OS, through an API call, to get a random seed that includes pseudorandom numbers from the device’s sensors. There was a post a while back where a dev used ADB to read the API calls used during WhatsApp account setup that showed that no such calls were made, meaning the keys were either totally predictable, or were actually generated by Meta themselves.
When I read the article about cloudflare using lava lamps (and other things at other locations) to create randomness I had no idea it had to be that crazy to be random.
It actually doesn’t need to be so elaborate. Even a video camera with the lens cap on generates more than enough entropy. Your phone can mix together predictable but unique variations - time of day, free memory, CPU serial number, battery level - with less predictable physical sensory - light level, gyroscope, barometer, last touch points, nearby MAC addresses - to create far more on-board randomness than anyone realistically needs.
That said, the whole Cloudflare lava lamp thing is very cool and also gets people talking.
So the truth is they store messages encrypted. But what they also do is storing the private keys for those messages.
Meaning they technically do it. But it’s like locking the door for someone who also has the keys.
Creating the secure key pairs used for true E2EE requires a mathematical foundation of true randomness, which can only be achieved on a device by working with the OS, through an API call, to get a random seed that includes pseudorandom numbers from the device’s sensors. There was a post a while back where a dev used ADB to read the API calls used during WhatsApp account setup that showed that no such calls were made, meaning the keys were either totally predictable, or were actually generated by Meta themselves.
When I read the article about cloudflare using lava lamps (and other things at other locations) to create randomness I had no idea it had to be that crazy to be random.
https://youtu.be/1cUUfMeOijg
It actually doesn’t need to be so elaborate. Even a video camera with the lens cap on generates more than enough entropy. Your phone can mix together predictable but unique variations - time of day, free memory, CPU serial number, battery level - with less predictable physical sensory - light level, gyroscope, barometer, last touch points, nearby MAC addresses - to create far more on-board randomness than anyone realistically needs.
That said, the whole Cloudflare lava lamp thing is very cool and also gets people talking.
interesting. Never heard this before. How is the entropy created? Wont all the values for the pixels be near zero (extemely simplified)?
definitely cool, i want a wall like that. it would be a lot better than the one i kept tipping over and burning shit with in my tiny room at the time
Interesting! Is the post available somewhere?