Hm, looks like group-chat uses shared secret, AES CBC without any form of authentication? So I guess it's not just using null cipher. I'm not sure if I'd go as far as to call it "actually secure", though?
Well, as far as I can figure out, there's no authentication of the plain/cipher-texts? Just an attempt at blind decryption? [ed: encryption without authentication is almost always a bad idea - I'm not clear on what's the status of the various Android versions - but I think you should be able to use AES-GCM -- which of course is a stream cipher. Not sure if one would want to frame that in order to try to leak less info about message lengths or not. I suppose one might frame the plain-text messages in 1k blocks or something before encryption, and unwrap the padding after decryption (of an authenticated cipher).]
Gilgamesh works similar, but is really only a message spreading method, which uses the Bluetooth name to spread messages. Consequently, it can only provide public messages and encryption won't also work. The devices do not connect to each other.
It is the equivalent of people shouting in a crowd.
https://github.com/Marlinski/Rumble/blob/master/app/src/main...
Hm, looks like group-chat uses shared secret, AES CBC without any form of authentication? So I guess it's not just using null cipher. I'm not sure if I'd go as far as to call it "actually secure", though?
https://github.com/Marlinski/Rumble/blob/262a8b0a618c9f90457...