Discussion:
Plaintext receiver number (Comprehension question)
(too old to reply)
Wilson Meier
2017-03-10 22:39:23 UTC
Permalink
Raw Message
Hello folks,

i'm planning to contribute to the Signal iOS project. So i have set up
everything and started my first debugging session.
During this session i realized that the message receiver number is
always sent to the server API in plaintext.
Example API call: { URL: v1/messages/00445544664}

I understand that the plaintext number is needed for initial sms
verification but why is it needed to do a message transfer?
I thought that only a hash of the number would be used (for security
reasons).

I couldn't find any documentation on the need of plaintext numbers and i
don't have the time to crawl through the server sources to identify the
requirement of this.

Can someone give me an insight on this?

Thanks.

Cheers,
wilson
Johan Wevers
2017-03-11 00:14:28 UTC
Permalink
Raw Message
Post by Wilson Meier
I understand that the plaintext number is needed for initial sms
verification but why is it needed to do a message transfer?
I thought that only a hash of the number would be used (for security
reasons).
And a hash of a phone number is quite useless as a security measure
against determining the phone number, there are so few possible phone
numbers that it can be easily reversed.
--
Met vriendelijke groet,

Johan Wevers
Loading...