- a protocol based off the highly vetted and trusted Off-The-Record protocol
- perfect forward secrecy, a very important thing in cryptography as you can drastically reduce the number of possible attacks in certain scenarios
- real cryptographers doing implementation and review of the software
- a good open source implementation of this cryptography
Don't get me wrong, I have a few irks about TextSecure with regards to the way the open source project is managed (see: their conflicts with F-Droid and such), but I really have to question why anyone would use some piece of crap cranked out for publicity (such as this or Heml.is) when there are solid options available which clearly offer superior security.
- This uses an external service 'scrambls' (https://scrambls.com/) which seems to do per-message symmetric key management. Therefore, the owners of this service can read all your messages.
- The thing which seems to be sent along with the ciphertext is an 'XID' which is sent to scrambls and exchanged for the raw AES message encryption key. There doesn't seem to be any binding to the recipient in this step(?)
- The encryption of messages is AES-CBC with PKCS#5 padding. There is no message integrity, so therefore this provides no confidentiality under CCA2.
In conclusion, this is the sort of thing you should expect from a secure messaging app. (TextSecure excepted.)
Having access to source is no guarantee of security or correctness (see Heartbleed) but relying on any of these secure messaging apps seems optimistic. Writing correct crypto code is hard and John McAfee's involvement offers no assurances.
Especially since his stint with the authorities of Belize and his subsequent escape from said country... I thought it was a very entertaining story, but professional suicide for him.
Libre is a prerequisite, gratis isn't. This is an important distinction to make. While it is true that this software seems to be neither, it is important to note when we try to convince them to release it free, we mean libre and not necessarily gratis. (Although the two often go hand in hand.)
When people hear us complaining about it, they often think we want to avoid paying money for it. This is false, and a bad impression to give. That is the purpose behind making this distinction.
According to the free software definition [1], it's one of the essential freedoms:
>The freedom to study how the program works, and change it so it does your computing as you wish. Access to the source code is a precondition for this.
Absolutely not. Anything less than the 4 freedoms is unacceptable. If the program is discovered to be spying on its users and users are not allowed to modify and redistribute the source code then there is no way to fix the problem.
So that's an iPhone screenshot on what appears to be a Nexus 4 without the navigation buttons, with the Android contact icons, but there isn't even an iOS version yet. The first screenshot in the Play Store shows the Windows Phone version and the second is the actual Android version, what?
McAfee ceased to be a brand that you'd want to be associated with a while ago, I wonder what they intend to achieve by attaching their reputation to his.
Toxic doesn't even begin to describe it, he's the IT world equivalent of a rogue.
If the source code isn't available then any claims to being secure should be treated cautiously. For instance, how do we know that there aren't Heartbleed-style errors in this anti-surveillance app?
I think the biggest problem here is that the application claims to be "anti-surveillance" yet it doesn't really solve the surveillance problem, namely meta-data.
If anything this application helps surveillance by filtering out the communication from "regular" communication.
We have had encrypted messaging for ages now. I cannot tell what's new here.
Has anyone even publicly discussed how to mitigate metadata collection? I don't recall any such discussion, but this also isn't really my area of interest.
I'd imagine a system that's completely a p2p mesh network. "Oh, hello, peer. I have 17 blocks for delivery on the network." Those 17 blocks might be pieces of messages for said peer; they might be destined for other nodes anywhere in the network; maybe they're noise. And don't forget to hand those blocks off to other nodes as well, because maliciously dumping blocks could be a thing...
Perhaps, but then I believe each participant in the messaging system would need to run a hidden service to receive messages. I think you may be onto something here.
I do not know what your objections are. It's pretty straightforward.
I guess it's something like:
For messages: AES
Key exchange: RSA
Alice and Bob both generate their own RSA keypair (the server does not have their private keys). Alice generates the AES key to be used with Bob, encrypts it using Bob's public RSA key and then sends it to him... done
But then how does Alice know if she's talking to the right Bob and not some evil middle-man? In other words, she has to trust the server that it is giving her the correct public key.
Oh wow. It uses a very innovative REST key exchange protocol.
Encryption:
* Messages are encrypted with AES 128 CBC
* Random key for each message
* The AES key is sent to the server, and exchanged for some key-id
* The key id is prepended to the message
Decryption:
* Split message into key id and encrypted part
* Download key from server
* Decrypt message
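
Added example, not part of the original comments and not Chadder's or scrambls' code: a Node.js model of the scheme as the comments above describe it (per-message AES-128-CBC key exchanged with a server for a key id, no integrity check), next to an AES-GCM variant that rejects a modified message. `keyServer`, the function names and the sample message are assumptions made for the illustration; the in-memory map stands in for the remote service, which still holds every message key in both variants.

```javascript
const crypto = require('crypto');

// Stand-in for the remote key service (assumption): key id -> raw AES key.
// Whoever runs it can decrypt every message in either variant below.
const keyServer = new Map();
function escrowKey(key) {
  const keyId = crypto.randomBytes(8).toString('hex');
  keyServer.set(keyId, key);
  return keyId;
}

// As described in the thread: AES-128-CBC, random key per message, no MAC.
function sealCbc(text) {
  const key = crypto.randomBytes(16), iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-128-cbc', key, iv);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { keyId: escrowKey(key), iv, body };
}
function openCbc({ keyId, iv, body }) {
  const d = crypto.createDecipheriv('aes-128-cbc', keyServer.get(keyId), iv);
  return Buffer.concat([d.update(body), d.final()]).toString('utf8');
}

// Same flow with an AEAD mode; the key id is bound as associated data.
function sealGcm(text) {
  const key = crypto.randomBytes(16), iv = crypto.randomBytes(12);
  const keyId = escrowKey(key);
  const c = crypto.createCipheriv('aes-128-gcm', key, iv);
  c.setAAD(Buffer.from(keyId));
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { keyId, iv, body, tag: c.getAuthTag() };
}
function openGcm({ keyId, iv, body, tag }) {
  const d = crypto.createDecipheriv('aes-128-gcm', keyServer.get(keyId), iv);
  d.setAAD(Buffer.from(keyId));
  d.setAuthTag(tag);
  return Buffer.concat([d.update(body), d.final()]).toString('utf8'); // throws on tag mismatch
}

// Constructed in-transit modification: one bit of the IV changes.
const flipIvBit = (m) => { const iv = Buffer.from(m.iv); iv[0] ^= 1; return { ...m, iv }; };

function demo() {
  const text = 'meet at the usual place'; // constructed sample message
  const cbcOut = openCbc(flipIvBit(sealCbc(text))); // decrypts without any error
  let gcmRejected = false;
  try { openGcm(flipIvBit(sealGcm(text))); } catch (e) { gcmRejected = true; }
  return { cbcOut, gcmRejected, escrowedKeys: keyServer.size };
}
```
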
Anything that claims to do 'APP X' with 'encryption' these days should not put itself out there without posting a full (and RECENT) security audit by an unbiased third party.
Otherwise, I'm going to assume you are still leaky as hell, make mistakes and have not cleaned up your code, etc.
And no, claiming you are 'open source' doesn't cover it (and I don't even have to refer to Heartbleed here).
When is the iOS client going to be released? It's kind of interesting that this comes up on HN and at the same time a security leak [0] in the iOS email client is found.
Do the phones have to be online at the same time in order to send the first key or does a Chadder server distribute the keys to each pair of users but simply not store the key after its distribution?
Sorry if this question sounds ignorant, the details and best practices of encryption are way over my head.
Even if it's not directly relevant to the product in question, I always think it's a bit weird to promote a "secure" product and not even have SSL enabled on your own website. It's not like it's expensive to get a simple certificate these days.
I'm confused. Does this app use public key encryption? If so, how do I obtain the actual public keys of all my contacts? Do we have to personally meet and exchange the public keys?
So the client is open source but the server and backend aren't, same as Telegram? What is the point? That and McAfee doesn't exactly inspire confidence.
Sorry, I assumed the clients were open source based on the article. Now that I looked it appears that is not the case. So ... it is safe because John McAfee?
Nothing against John McAfee, I have no idea what happened in Belize, and he can probably have a wonderful career as a reality TV star or a similar effort.
But I wouldn't touch a security product he offers with a 20 foot pole. Literally I wouldn't even visit the site, let alone hover my mouse over the download link.
And no, not because of McAfee Antivirus, but despite it.