Forums Community Zero-knowledge Reply To: Zero-knowledge

#6240 Reply


I know you can manually check your own fingerprint in the config – AxCrypt refer to it as a thumbprint – although it is ultimately a centralised system. Having a UI option to visually compare the string adds an extra layer of security.

WhatsApp deal with it in their own way (see illustration) and it’s found under a secondary menu. Something similar in AxCrypt would reduce the overall risk profile because AxCrypt couldn’t be secretly compelled (if such a law even exists) to change the recipient or add another party without detection.

However as I’m typing this I can see the potential problem if such a demand was made because your server is the trusted authority. Because of the design choices it’d only affect online users and primarily those who share files.

I suppose that a user concerned about this would have to manually exchange his public key with the recipient. That’d seems like a suitable workaround.

Example WhatsApp Security Code (Fingerprint)