1

I've read the official page on safety numbers, but they are still unclear to me. Without verification, there is still end-to-end encryption, so what difference does it make? Is it that a phone number is easy to spoof, so an adversary could pretend to be someone else, but with a safety number verified you would know if it's not really them?

schroeder
northerner

1 Answer

2

The safety number is actually the fingerprint of your public key.

By verifying this, you verify that the public key you are encrypting the messages to is in fact the same as the keys used by the other party in the conversation.

If not verified, you could be encrypting your keys with a Man-in-the-Middle's keys, which then proceeds to decrypt the messages, read them, and re-encrypt them with the recipient's key. You would be none the wiser.

By verifying that the public key is identical for both participants, you remove the possibility of a MiTM attack.

It's explained in detail in this blog post from Signal.

vidarlo
  • Why isn't this normally necessary with things like secure websites, how do they protect against MiTM attacks? Is it that usually users don't have the opportunity to exchange something physical but with smartphones there's the option so it's just an additional layer that can be added in this situation? – northerner Aug 19 '20 at 21:04
  • @northerner TLS as used on the web is based on trusted third parties, the Certificate Authorities. Users may compare fingerprints to verify that they get the same cert. [More info here](https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work). – vidarlo Aug 20 '20 at 07:19
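
The check described in the answer, as an added example that is not part of the original answer and is not Signal's code: a simplified fingerprint scheme in which each side derives a number from both public keys and the two numbers match only if each party holds the other's real key. The iteration count, the identifiers and the key bytes are constructed assumptions, not Signal's parameters.

```python
import hashlib

ITERATIONS = 1000  # assumed work factor for this sketch


def fingerprint(identifier: str, public_key: bytes) -> str:
    """Derive a 30-digit fingerprint from one party's public key."""
    digest = identifier.encode() + public_key
    for _ in range(ITERATIONS):
        digest = hashlib.sha512(digest + public_key).digest()
    # Six 5-byte chunks of the hash, each reduced to a 5-digit group.
    chunks = (digest[i:i + 5] for i in range(0, 30, 5))
    return "".join(f"{int.from_bytes(c, 'big') % 100000:05d}" for c in chunks)


def safety_number(my_id: str, my_key: bytes, their_id: str, their_key: bytes) -> str:
    """Join both fingerprints in sorted order so both ends display the same string."""
    parts = sorted([fingerprint(my_id, my_key), fingerprint(their_id, their_key)])
    return "".join(parts)


# Constructed sample keys (real identity keys would come from the app's key store).
ALICE_KEY = bytes(range(0, 32))
BOB_KEY = bytes(range(32, 64))
MALLORY_KEY = bytes(range(64, 96))  # key substituted by a man in the middle


def views(key_alice_holds_for_bob: bytes, key_bob_holds_for_alice: bytes):
    """Return the safety number each party would see on their own device."""
    alice_view = safety_number("alice", ALICE_KEY, "bob", key_alice_holds_for_bob)
    bob_view = safety_number("bob", BOB_KEY, "alice", key_bob_holds_for_alice)
    return alice_view, bob_view


if __name__ == "__main__":
    # Honest exchange: each side holds the other's real key, numbers match.
    a, b = views(BOB_KEY, ALICE_KEY)
    print("honest     :", "match" if a == b else "MISMATCH")
    # Intercepted exchange: both sides were handed Mallory's key instead.
    a, b = views(MALLORY_KEY, MALLORY_KEY)
    print("intercepted:", "match" if a == b else "MISMATCH")
```

The comparison only helps if the two numbers are exchanged over a channel the interceptor does not control, such as in person or by scanning a QR code.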