Lately there’s been a lot of attention to how different secure messengers deal with key changes and ensure the authenticity of conversations.
It’s fantastic to see the growing interest in this topic, and with that, some well thought-through security reviews of Wire by the infosec community. Unfortunately there have also been cases of anonymous accounts on social media publishing misleading information about our app and its security.
This post will look at Wire’s unique implementation of end-to-end encryption in a multi device scenario, key verification and the behavior when keys change.
One of the big reasons people like Wire is the fact that it works on mobile, tablets and desktop while keeping everything — messages, pictures, calls — nicely in sync.
Wire is the only truly multi-device, verifiably end-to-end encrypted communication platform on the market. Some others take the more limited approach of linked devices or secondary devices where the desktop experience is tied to the mobile app.
The multi-device nature of Wire has lead to conscious design choices, both on the technical and user experience level.
For example, when someone logs in with the same account on Wire on their phone and their laptop both devices generate a unique cryptographic key which is used to encrypt and decrypt messages that the person sends.
Designing key management and fingerprint verification has been an exercise in finding the right balance between security, complexity and ease of use. This remains a constant area of focus, and we are actively exploring alternatives and improvements.
This is how the verification works in more detail:
When two people (Alice and Bob) connect the first time on Wire then we assume they know and trust each other. Of course we recommend that they compare their device key fingerprints for added security. It’s straightforward if both are using only one device. After Alice verifies Bob’s device a new blue shield icon is displayed before Bob’s name in their conversation.
Alice logs in on a new device, perhaps via Chrome browser on her laptop.
As said earlier, each one of Alice’s devices has a unique key and she should also verify her own devices. Only after that can she verify the fingerprints of Bob’s devices and have a fully verified conversation.
Verification on Wire is unidirectional meaning that Bob does not need to verify Alice’s devices to create more security for Alice. If Bob adds a new device, Alice will be alerted.
In a scenario where Alice uninstalls Wire (perhaps she’s switching to a new phone) and Bob sends her a message Alice will never receive the message. Bob will see that the message is in “Sent” status (has reached Wire servers) but not “Delivered” status.
The message is not automatically re-sent once Alice has added a new device. If Bob tries to send it again (because the “Sent” status tells him it hasn’t arrived), he will see the blocking take-over screen (shown below) to let him know Alice is using a new device.
As a result of the questions and feedback from the community we’re in the process of auditing both user experience and different scenarios. We’ve identified a few smaller improvements already: