melvyn2 closed this issue 6 years ago
Messages are encrypted end-to-end so the server cannot decrypt and read them. As for verifying the keys, the socialist millionaire protocol is used. https://en.wikipedia.org/wiki/Socialist_millionaires
Ok, thank you for the explanation!
As you say in your documentation, cryptully uses DH to exchange the AES key and IV. However, how do you know that you aren't connecting to someone who is intercepting, decrypting, reading and re-encrypting the messages before passing them along (basically, how to check if we aren't being MITM'ed)?
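The socialist millionaire check named in the reply above, sketched as an added example; it is not part of this thread and not cryptully's own code. It simulates both peers in one process and omits the zero-knowledge proofs a deployed implementation attaches to each message. Mixing each side's derived session key into the compared secret (`verify_session`) is an assumption made here to show why a relayed session fails the check.

```python
import hashlib
import secrets

# 1536-bit MODP safe prime from RFC 3526 (group 5); 2 generates the order-Q subgroup.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
    16)
Q, H = (P - 1) // 2, 2

def _rand() -> int:
    return secrets.randbelow(Q - 1) + 1  # private exponent in [1, Q-1]

def _inv(v: int) -> int:
    return pow(v, -1, P)  # modular inverse (Python 3.8+)

def _to_exp(secret: bytes) -> int:
    return int.from_bytes(hashlib.sha256(secret).digest(), "big") % Q

def smp_equal(alice_secret: bytes, bob_secret: bytes) -> bool:
    """True iff both secrets match; neither secret is sent in the clear."""
    x, y = _to_exp(alice_secret), _to_exp(bob_secret)
    a, alpha, r = _rand(), _rand(), _rand()  # Alice's private randomness
    b, beta, s = _rand(), _rand(), _rand()   # Bob's private randomness
    # Round 1: Alice sends H^a, H^alpha; Bob sends H^b, H^beta.
    A1, A2 = pow(H, a, P), pow(H, alpha, P)
    B1, B2 = pow(H, b, P), pow(H, beta, P)
    g_a, gam_a = pow(B1, a, P), pow(B2, alpha, P)  # Alice derives g, gamma
    g_b, gam_b = pow(A1, b, P), pow(A2, beta, P)   # Bob derives the same pair
    # Round 2: each side blinds its secret and sends (P, Q).
    Pa, Qa = pow(gam_a, r, P), pow(H, r, P) * pow(g_a, x, P) % P
    Pb, Qb = pow(gam_b, s, P), pow(H, s, P) * pow(g_b, y, P) % P
    # Round 3: Alice sends (Qa/Qb)^alpha, Bob raises it to beta.
    ratio = Qa * _inv(Qb) % P
    c = pow(pow(ratio, alpha, P), beta, P)
    return c == Pa * _inv(Pb) % P  # holds only when x == y

def verify_session(key_a: bytes, key_b: bytes, pw_a: bytes, pw_b: bytes) -> bool:
    # Assumption for this example: each peer compares
    # SHA-256(its own session key) || passphrase agreed out of band.
    left = hashlib.sha256(key_a).digest() + pw_a
    right = hashlib.sha256(key_b).digest() + pw_b
    return smp_equal(left, right)
```

When an interceptor has run a separate DH exchange with each peer, the two session keys differ, so the check fails even though both users typed the same passphrase.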