How the Textsecure Protocol Works

An important part of the Signal Protocol is Triple-DH. I did not find a good illustration of how it works, so I made one: <a href="https:&#x2F;&#x2F;twitter.com&#x2F;sdrapkin&#x2F;status&#x2F;738419956371628033" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;sdrapkin&#x2F;status&#x2F;738419956371628033</a>

This post doesn&#x27;t explain the protocol all that well.<p>This is a great explainer:<p><a href="https:&#x2F;&#x2F;vimeo.com&#x2F;117532499" rel="nofollow">https:&#x2F;&#x2F;vimeo.com&#x2F;117532499</a><p>I can&#x27;t seem to find the PDF of the slides of this talk anymore.<p>These are also very useful for understanding:<p><a href="https:&#x2F;&#x2F;whispersystems.org&#x2F;blog&#x2F;advanced-ratcheting&#x2F;" rel="nofollow">https:&#x2F;&#x2F;whispersystems.org&#x2F;blog&#x2F;advanced-ratcheting&#x2F;</a><p><a href="https:&#x2F;&#x2F;whispersystems.org&#x2F;blog&#x2F;private-groups&#x2F;" rel="nofollow">https:&#x2F;&#x2F;whispersystems.org&#x2F;blog&#x2F;private-groups&#x2F;</a><p><a href="https:&#x2F;&#x2F;github.com&#x2F;trevp&#x2F;double_ratchet&#x2F;wiki" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;trevp&#x2F;double_ratchet&#x2F;wiki</a>

Is there any information available (or has there been any analysis done) on the quality of any random number generators in use on mobile phones, especially Android and iOS?

Since What&#x27;sApp uses textsecure, can we be sure that they are blind to the content of our messages? Is there any way for them to get the key, still claim it&#x27;s e2e encrypted, except for when they want to hand the key over to various states etc?

Nice overview. I only wish for there to be an implementation of the signal protocol that fits my needs. In WhatsApp and Allo there are concerns of ad companies using your metadata, and the Signal app is lackluster in the UX department and OWS&#x27;s affinity with Google is rather disappointing also.

isn&#x27;t the &quot;double ratchet&quot; describing the presence of both a DH ratchet as well as a hash ratchet, rather than &quot;send&quot; and &quot;receive&quot;?

&gt; Instead, copies of the server&#x27;s role in the key negotiation are stored by a centralized server for potential clients to fetch and use. This<p>&quot;centralised&quot; and &quot;server&quot; are just about the worst words you want to hear in the description of a system like this and yet they are just thrown in there in a flippant comment at the end of a section?<p>I think a more detailed description of this glorified cache is warranted.