(This post was written by a researcher in the Cryptography, Security, and Privacy (CrySP) lab at the University of Waterloo. The opinions expressed here do not necessarily reflect the opinions of other CrySP researchers or the university.)

Written: 2016-12-22 (Updated 2018-02-21)

Update (2018-02-21): After our original post, Wire updated their calling protocol to add end-to-end authentication and constant bitrate encoding. The server code was also released. This page now reflects the current state of the protocol. For our original post, including Wire's original response, see the archived version.

Recently, the Wire secure messaging application has received increased attention from the media and the public. In the wake of the Snowden revelations, we have seen the release of many secure messaging platforms, each claiming to offer excellent security features. Unfortunately, it is often difficult to evaluate the truth of these claims. We have also seen multiple instances where users place their trust in flawed or outright broken systems based on word-of-mouth recommendations or shallow media endorsements.

Luckily, Wire has behaved responsibly in this respect. Unlike many of their competitors, they published security and privacy whitepapers explaining the operation of their system. Allowing a protocol to be openly evaluated by security researchers is an important part of building a secure system.

The design of the Wire protocol as described in the whitepapers is relatively good. Additionally, the changes made to the protocol since our original post have substantially improved the security of the system. Only a few of our minor complaints remain.

Issues (roughly in order of decreasing severity):

The remaining issues with Wire are relatively minor and also affect many of its competitors. Users should treat Wire passwords like they treat passwords for websites (e.g., use a strong and unique password for Wire). Users should treat the Wire application like a constantly updating web service rather than a semi-stable desktop application. Expert users operating on sensitive systems should consider sandboxing all Internet-enabled applications, including Wire. The recent improvements to the Wire protocol and Wire's admirable response to our original posting are welcome and inspire confidence in the team.

The chat features offered by Wire have a modern aesthetic that is very popular with users, and this makes Wire a very interesting offering. At this time, the security offered by the Wire protocol is comparable to Signal, and some aspects of the user experience are superior (e.g., Wire does not require the use of phone numbers as identifiers). Users should consider Wire as a good alternative to other secure messaging systems, and users of insecure platforms like text messaging should strongly consider the use of secure messaging applications.



Last modified: Tuesday, 10-Jul-2018 16:23:53 EDT