Arunia t1_je68c89 wrote

The encryption is from your end to the other and only both devices know the code to decrypt the messages. Which means it should be safe.

8

istoOi t1_je6bjwa wrote

There are some who offer "end to end" encryption, but the app provider actually knows the encryption keys.

So while it is technically true that they have e2e encryption, they can read it anytime they want/need to.

8

No_Tamanegi t1_je6kmwp wrote

Should mean it's safe, but doesn't necessarily guarantee it. The software can only guarantee the encryption between the sender and the recipient. But if something on either the sender's or recipient's device has the ability to intercept the message, it can still be compromised.

1

Zharken t1_je6kuzl wrote

How does the recipient device know the encryption key?

I'd assume a new key has to be generated every time, and if the sender generates one to encrypt the message, then it can't send the key to the recipient, because if it does so, any man in the middle would also know the key, thus making the entire encryption thing useless.

1

BiomeWalker t1_je6yucj wrote

At the start of the conversation, each device sends the other a "public key", which can be used to encrypt the data, while keeping a matching "private key", which is the only way to decrypt data that has been encrypted with the "public key".

3

Zharken t1_je7705e wrote

Oh, so I give you a key that everyone can see, but can only be used to encrypt, and I have a different key that no one knows that I can use to decrypt what you return to me, and vice versa.

3

flux124 t1_je6mt6t wrote

The trick is that there exist encryption schemes such as RSA which allow a private and public key. The way it works is that you generate both, keep the private key a secret and share the public key with the world. The private key only decrypts messages signed with the public one and the public one only decrypts messages encrypted with the public key. This means the public can send you messages only you can read and you can send messages that are verifiable to have come from you because they can be decrypted by the public key. From here you can use AES, which is symmetric, same key for encryption and decryption, to share the same key between both people. This is actually how HTTPS Internet security works. Your OS/browser keeps track of certain public keys that can be used to verify domains as being legit.

2
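
The public-key-then-AES exchange discussed in this thread, as an added example that is not part of any comment above. It uses Node.js's built-in `crypto` module; the function names, RSA-OAEP for wrapping the key, AES-256-GCM for the message, and the sample text are choices made for this example.

```javascript
// Added example: RSA public key wraps a per-message AES key (hybrid encryption).
const crypto = require("node:crypto");

// Recipient device: the private key stays here; only publicKey is ever sent out.
function makeDeviceKeys() {
  return crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Sender device: needs nothing secret, only the recipient's public key.
function encryptFor(recipientPublicKey, plaintext) {
  const aesKey = crypto.randomBytes(32); // fresh AES-256 key for this message
  const iv = crypto.randomBytes(12);     // 96-bit GCM nonce
  const cipher = crypto.createCipheriv("aes-256-gcm", aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();       // detects tampering in transit
  // Only the matching private key can recover aesKey from wrappedKey.
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, aesKey);
  return { wrappedKey, iv, ciphertext, tag };
}

// Recipient device: unwrap the AES key, then decrypt and authenticate the message.
function decryptWith(privateKey, msg) {
  const aesKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", aesKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]).toString("utf8");
}

// True only if the holder of privateKey can read msg unmodified.
function canRead(privateKey, msg) {
  try {
    decryptWith(privateKey, msg);
    return true;
  } catch {
    return false; // wrong key or altered ciphertext
  }
}

// Constructed demo: the observer sees the public key and everything on the wire.
const recipient = makeDeviceKeys();
const observer = makeDeviceKeys();
const onTheWire = encryptFor(recipient.publicKey, "meet at noon");
console.log("recipient reads:", decryptWith(recipient.privateKey, onTheWire));
console.log("observer can read:", canRead(observer.privateKey, onTheWire));
```

`canRead` returns true for anyone holding a copy of the recipient's private key, which is why it matters where that key is generated and stored.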