Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Why doesn’t it store a shared secret based on some information from both parties once a contact has been mutually agreed to be shared… then you can quickly do a verification without any interception from outside sources or any information leaking


It can't be mutual because the receivers don't broadcast, so the sender doesn't know which contacts are in range.

I was also thinking you might be able to use asymmetric crypto for this, and encrypt the hash + a nonce using your private key, and anyone with your public key can decrypt it and check the hash against the contact list. But this means the potential receiver needs to decrypt with every public key it knows, which for large contact lists might be prohibitively expensive.

Someone has probably devised a more clever way, though.


This is what I was thinking. Apple guys are smart they will sort it out


How do you Airdrop to new contacts then? And how do you sync shared secrets securely across multiple devices of a single user?


You must have been in person to share contact details

Same way it does with password manager


That would unfortunately make for behavior inconsistent with the way AirDrop works today. You might have to become “visible to everyone” randomly on a new device, for example.

Not insurmountable, but it would probably be quite un-Apple-like.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: