Wilson Meier
2017-03-10 22:39:23 UTC
Hello folks,
i'm planning to contribute to the Signal iOS project. So i have set up
everything and started my first debugging session.
During this session i realized that the message receiver number is
always sent to the server API in plaintext.
Example API call: { URL: v1/messages/00445544664}
I understand that the plaintext number is needed for initial sms
verification but why is it needed to do a message transfer?
I thought that only a hash of the number would be used (for security
reasons).
I couldn't find any documentation on the need of plaintext numbers and i
don't have the time to crawl through the server sources to identify the
requirement of this.
Can someone give me an insight on this?
Thanks.
Cheers,
wilson
i'm planning to contribute to the Signal iOS project. So i have set up
everything and started my first debugging session.
During this session i realized that the message receiver number is
always sent to the server API in plaintext.
Example API call: { URL: v1/messages/00445544664}
I understand that the plaintext number is needed for initial sms
verification but why is it needed to do a message transfer?
I thought that only a hash of the number would be used (for security
reasons).
I couldn't find any documentation on the need of plaintext numbers and i
don't have the time to crawl through the server sources to identify the
requirement of this.
Can someone give me an insight on this?
Thanks.
Cheers,
wilson