The case, led by a special agent in the Commerce Department's Bureau of Industry and Security, focused on claims that some Meta employees and contractors could access...
A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form
Creating the secure key pairs used for true E2EE requires a mathematical foundation of true randomness, which can only be achieved on a device by working with the OS, through an API call, to get a random seed that includes pseudorandom numbers from the device’s sensors. There was a post a while back where a dev used ADB to read the API calls used during WhatsApp account setup that showed that no such calls were made, meaning the keys were either totally predictable, or were actually generated by Meta themselves.
When I read the article about cloudflare using lava lamps (and other things at other locations) to create randomness I had no idea it had to be that crazy to be random.
It actually doesn’t need to be so elaborate. Even a video camera with the lens cap on generates more than enough entropy. Your phone can mix together predictable but unique variations - time of day, free memory, CPU serial number, battery level - with less predictable physical sensory - light level, gyroscope, barometer, last touch points, nearby MAC addresses - to create far more on-board randomness than anyone realistically needs.
That said, the whole Cloudflare lava lamp thing is very cool and also gets people talking.
Creating the secure key pairs used for true E2EE requires a mathematical foundation of true randomness, which can only be achieved on a device by working with the OS, through an API call, to get a random seed that includes pseudorandom numbers from the device’s sensors. There was a post a while back where a dev used ADB to read the API calls used during WhatsApp account setup that showed that no such calls were made, meaning the keys were either totally predictable, or were actually generated by Meta themselves.
When I read the article about cloudflare using lava lamps (and other things at other locations) to create randomness I had no idea it had to be that crazy to be random.
https://youtu.be/1cUUfMeOijg
It actually doesn’t need to be so elaborate. Even a video camera with the lens cap on generates more than enough entropy. Your phone can mix together predictable but unique variations - time of day, free memory, CPU serial number, battery level - with less predictable physical sensory - light level, gyroscope, barometer, last touch points, nearby MAC addresses - to create far more on-board randomness than anyone realistically needs.
That said, the whole Cloudflare lava lamp thing is very cool and also gets people talking.
definitely cool, i want a wall like that. it would be a lot better than the one i kept tipping over and burning shit with in my tiny room at the time
interesting. Never heard this before. How is the entropy created? Wont all the values for the pixels be near zero (extemely simplified)?
Interesting! Is the post available somewhere?