
I'm not very well versed in encryption but I know many here are and wanted to see if how I imagined this has any merit -

Is this something where WhatsApp could encrypt messages word by word instead of by message, and keep a list of the hashes of top sent words and their counts somewhere, then Facebook would send some ads directory to WhatsApp clients, where they'd encrypt each keyword in the dictionary, and then compare the dictionary hashes to the top sent word hashes, and try to make a match on the client side for specific ads to show?

Or is this more that full encrypted messages would be scanned for some type of needle in the haystack that could infer some value about what's being sent?



I am not a cryptographer.

At a quick inspection this kind of thing would result in pretty bad encryption. A hash of each word (unless salted with a different salt each time, defeating the purpose) is easily broken, even if the hash is a cryptographic hash. I.e. I can build up a dictionary by hashing the top 100k most common words. This kind of attack is why every encryption needs some randomness (or something that's changing) injected into it. It's also unprotected against replay attacks, etc. And I'm probably just scratching the surface.

You really have to encrypt full messages. And sending the same message twice has to result in different ciphertexts. And you need nonces. And probably many other things. Cryptography is hard.


This would only be possible if the same encryption key was used for every message. But I don't think that's the case. So the same plaintext word is encrypted differently every time.
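
An added illustration of the point made in the two replies above (not code from any commenter or from WhatsApp): unsalted per-word hashes are reversed with one precomputed table, and a fresh salt per word removes the equality that the proposed matching depends on. The word list, messages and function names are constructed for this example.

```python
import hashlib
import os

# Constructed stand-in for the "top 100k most common words" list.
COMMON_WORDS = ["buy", "new", "shoes", "pizza", "tonight",
                "flight", "to", "paris", "cheap"]

def hash_words(message):
    """Proposed scheme: one unsalted SHA-256 digest per word."""
    return [hashlib.sha256(w.encode()).hexdigest()
            for w in message.lower().split()]

def build_table(wordlist):
    """Observer precomputes digest -> word once; it works for every message."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}

def recover(digests, table):
    """Map observed digests back to words; None where the word is not listed."""
    return [table.get(d) for d in digests]

def hash_words_salted(message):
    """Fresh random salt per word: equal words no longer give equal digests.
    This only shows the loss of matchability; it is not an encryption scheme."""
    out = []
    for w in message.lower().split():
        salt = os.urandom(16)
        out.append((salt, hashlib.sha256(salt + w.encode()).hexdigest()))
    return out

if __name__ == "__main__":
    table = build_table(COMMON_WORDS)
    # Unsalted: the observer reads the message straight out of the table.
    print(recover(hash_words("cheap flight to Paris tonight"), table))
    # Salted: the same word twice yields two unrelated digests, so neither
    # the precomputed table nor hash-to-hash ad matching finds anything.
    salted = hash_words_salted("pizza pizza")
    print(salted[0][1] == salted[1][1])
    print(recover([d for _, d in salted], table))
```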



