TransWikia.com

Is fingerprint authentication meaningless if the server/client is closed source?

Cryptography Asked by Dante on December 10, 2020

I’m talking about when two chat users want to verify their identities via public key fingerprints.

If the client app is closed source, and we cannot see what it is doing, isn’t the server able to play a "man in the middle" attack here? The client app would just need to display fake but matching fingerprints to both users, and therefore the fingerprint authentication proves nothing?

Maybe I’m missing something, I hope you guys can help me figure this out.

P.S.
I had this question while examining the Signal protocol, but I believe it applies universally.
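
The scenario the question describes, as an added example that is not part of the original post: it shows that a fingerprint comparison catches key substitution only when the displayed string is derived from the keys the session actually uses. The fingerprint here is a simplified SHA-256 over both public keys (not Signal's safety number algorithm), the keys are constructed stand-ins, and all function names are hypothetical.

```python
import hashlib

def fingerprint(pub_a: bytes, pub_b: bytes) -> str:
    """Simplified session fingerprint: hash of both public keys, order-independent."""
    lo, hi = sorted((pub_a, pub_b))
    return hashlib.sha256(b"fp-demo" + lo + hi).hexdigest()[:24]

def key(label: str) -> bytes:
    """Constructed stand-in for a 32-byte public key (not a real key pair)."""
    return hashlib.sha256(label.encode()).digest()

ALICE, BOB, RELAY = key("alice"), key("bob"), key("relay")

def honest_display(own_pub, peer_pub_in_use, server_hint=None):
    # Derives the shown string from the keys the session actually uses.
    return fingerprint(own_pub, peer_pub_in_use)

def unbound_display(own_pub, peer_pub_in_use, server_hint=None):
    # Models the question's concern: the shown string comes from elsewhere
    # and has no relation to the keys in use.
    return server_hint

def verify(display, alice_peer, bob_peer, hint=None):
    """Return (users_see_match, display_bound_to_keys)."""
    shown_a = display(ALICE, alice_peer, hint)
    shown_b = display(BOB, bob_peer, hint)
    users_see_match = shown_a == shown_b
    # Independent recomputation. Assumption: the keys in use can be observed
    # outside the client, which is what a closed-source client makes hard.
    bound = (shown_a == fingerprint(ALICE, alice_peer)
             and shown_b == fingerprint(BOB, bob_peer))
    return users_see_match, bound

if __name__ == "__main__":
    # Each side receives the other's real key; the display is honest.
    print("direct, honest display:     ", verify(honest_display, BOB, ALICE))
    # Both sides receive a relay key; the honest display exposes the mismatch.
    print("substituted, honest display:", verify(honest_display, RELAY, RELAY))
    # Both sides receive a relay key; the display is not bound to the keys.
    print("substituted, unbound display:",
          verify(unbound_display, RELAY, RELAY, fingerprint(ALICE, BOB)))
```

The second value in each result is what an audit of the client (source review, reproducible builds, or an independent implementation) is meant to establish; the users comparing strings can only ever observe the first.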
