by utnick 4645 days ago
There has been a lot of interesting development on the secure chat front lately ( secure circle, textsecure, heml.is, cryptocat etc ).

Not sure if bittorrent chat will be very interesting. Most secure chat clients encrypt on the client side so the server won't be able to read your messages, so not sure if not having a server is that big of a win here. I'm also guessing metadata would be exposed to various people on the bittorrent chat p2p net.

The one I'm most excited about right now is bitmessage. It is the only chat protocol that I feel is really revolutionary. It is also a p2p network, but the interesting thing about it is that everyone on the network gets every message (obviously you have to have the correct keys to decrypt the messages that were meant for you). So it's impossible for an observer to tell even who is talking to who. Also they have the concept of public chans, which I think are a good mechanism to draw users. Bittorrent could do the same thing here.

6 comments

In theory, bitmessage looks cool. But according to a review:

"Although it is very nice that people are working on creating secure and anonymous messaging systems, I am afraid that BitMessage is weak to a variety of attacks. I fear that the people working on it do not have sufficient expertise, in the fields of security and anonymity, to design and implement a proper cryptographic communications system + anonymity network. After reading the two design .pdf documents, I have identified a variety of weaknesses and overall poor design choices in the BitMessage protocol."

And he continues to show those weaknesses.

https://bitmessage.org/forum/index.php?topic=1666.0

That's a pretty old thread. They've made a lot of progress since then.
What I don't see (maybe haven't looked hard enough) are any other security review/s.

Until bitmessage is thoroughly reviewed by serious people, and the results are displayed in a prominent place, it would be hard to trust.

The dev team would love if you know someone with expertise and a bit of time to spare. We make no claims of perfection or even safety at this point.

From the homepage: Bitmessage is in need of an independent audit to verify its security.

I believe that they need to link to the security review I linked, not hide it in forums.

There was also someone who deanonymized bitmessage. They should link this too in a prominent place.

If they solved any of those problems, they should link to solutions and a possible review.

There was also someone who deanonymized some bitmessage users' disposable identities: those who copy-pasted a link (that the client prevented them from clicking on) to a website they'd never visited before from a random user with whom they'd never communicated into a web browser that did not use any anonymizing method.

FTFY

Is it forward secure now?
I must say, I have very limited knowledge on encryption, but, can't an observer possibly encrypt many possible and likely short messages (like, "hey!" or "lol") with the public keys of some users of value and sniff the network for matches? I mean it would take a while, maybe a week, to get some results but hey, I think it's a possibility.
can't an observer possibly encrypt many possible and likely short messages (like, "hey!" or "lol") with the public keys of some users of value and sniff the network for matches?

No. The same message does "never" encrypt to the same cypher:

    $ echo lol | gpg -e -r F8669BB7 --armor
    -----BEGIN PGP MESSAGE-----
    Version: GnuPG v1.4.11 (GNU/Linux)
    
    hQEMA2gTLr1USDZGAQf/YbbnzHvNfdqbs6hmdmIaaiZOSfW9P6Bc8tdF4MG/JbP+
    RTxbLpi4W+vXs+WrD9jdik8KuDdZV54O1mb6Ido3xrYeEPBo0Vje2eVpgUy01VUa
    2RM76NvsX1VN9rap6KvHuO/h7IFwDuAtvUUcDyFH+qK2UEHordFi+mWKqICocQt0
    WWgpCk5BVgM/1q2c2ruWxVuZs/IMh9LQGZ1i7hpkJHAYqovhghROmGarUuJYXGDi
    s6rSMpjxbXDhPMYbbhbBI4pRhgKtN2FMlKyI3XoH+LCFHsOyBmazroVYWFu+gafH
    6LU2Z65OQyJWqX5CLdwab4qpUQdht6lqkUHRJB9xdtI/AfTFF7BbRP8PR+q9GVAe
    r4I812VmBn3hwBHJzNiFDEGVkt/IDpd6M/X2Vi0xJx0LUaICL+swPVudenPuvlnt
    =zeUd
    -----END PGP MESSAGE-----
    
    
    
    $ echo lol | gpg -e -r F8669BB7 --armor
    -----BEGIN PGP MESSAGE-----
    Version: GnuPG v1.4.11 (GNU/Linux)
    
    hQEMA2gTLr1USDZGAQgAo4ZEHGWKSgwVmbC7crACvTXVtlgP4n8J/3oSohct9zrM
    SqPd4L5TWsjOh+2LlG7WQbPnpn4Tcv9c4RyPNb+1C/fWRmGhV+a3QhuC+rrus5c6
    /FPwsHTjO30N0AnCMzoXAaqDRRGw859BKazEZyxIHherU+o7wNRKrW6U1ikRd/Pu
    BwHChUZHBRmZhomrtYPbQ5cNAJQtPMj94Z8OuZeCEzPNBr3opevoMs2j+9ysOtkF
    7Cam3jTKLM3GwHSm4c7WzhdJJsXbnOn8ODYRBf++4oJChPIqeT2EssigAQuuhHlk
    pDhM40zB7hAd6MJM52cZpM3UqTe/iI4vHSrQ+pw/otI/AWY6s4aIlF5AAzoM0wAR
    FzobJ5Vbp7fBgA1SiOhEhSAdT/U2yy2jQcQN53yyX9Vqtunh3dNmCGaNNavszK8+
    =YDLc
    -----END PGP MESSAGE-----
    $
As someone who doesn't know the structure of the output, what's the significance of:

    hQEMA2gTLr1USDZGAQ

At the start of each output? Is that 'lol' encrypted then followed by random bytes, or does it contain header information?
It's a header with a version number and the ID of the receiver's key that the message was encrypted with. Base64-decode and hexdump those messages and look for 54483646 (one of the subkeys of F8669BB7). The encrypted message is after that and would look random. The format is defined in http://tools.ietf.org/html/rfc4880

edit: It's not encrypted with the primary key, but one of the subkeys.
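An added example (my own Python, not code from either commenter) that decodes the first armored line of each gpg output above and walks the OpenPGP packet header the way the reply describes: packet tag, body length, version, recipient key ID ending in 54483646, public-key algorithm, and then the start of the RSA-encrypted session key, which is the point where the two ciphertexts of "lol" diverge. Only the first 64-character base64 line of each message is embedded; that is enough to cover the whole header.

```python
import base64

# First base64 line of each armored message from the thread above (the rest of
# each message is omitted; the header and the start of the session-key MPI are
# fully contained in these 48 decoded bytes).
MSG1_LINE1 = "hQEMA2gTLr1USDZGAQf/YbbnzHvNfdqbs6hmdmIaaiZOSfW9P6Bc8tdF4MG/JbP+"
MSG2_LINE1 = "hQEMA2gTLr1USDZGAQgAo4ZEHGWKSgwVmbC7crACvTXVtlgP4n8J/3oSohct9zrM"

TAG_PKESK = 1  # Public-Key Encrypted Session Key packet, RFC 4880 section 5.1


def parse_pkesk_header(b64_line):
    """Parse the leading bytes of an old-format OpenPGP PKESK packet.

    Handles only what the gpg output above uses: an old-format packet tag
    byte with a two-byte body length. Anything else raises ValueError.
    """
    data = base64.b64decode(b64_line)
    ctb = data[0]                      # "cipher type byte" / packet tag
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:
        raise ValueError("new-format packet length not handled here")
    tag = (ctb >> 2) & 0x0F
    if ctb & 0x03 != 1:
        raise ValueError("only two-byte old-format lengths handled here")
    body_len = int.from_bytes(data[1:3], "big")
    body = data[3:]
    return {
        "tag": tag,
        "body_len": body_len,
        "version": body[0],                      # 3 for PKESK
        "key_id": body[1:9].hex().upper(),       # recipient (sub)key ID
        "pk_algo": body[9],                      # 1 = RSA (encrypt or sign)
        "mpi_bits": int.from_bytes(body[10:12], "big"),  # encrypted session key size
        "mpi_start": data[15:],                  # first bytes of the random part
    }


def compare_messages(line_a, line_b):
    """Return (same recipient key ID, same start of encrypted session key)."""
    a, b = parse_pkesk_header(line_a), parse_pkesk_header(line_b)
    return a["key_id"] == b["key_id"], a["mpi_start"] == b["mpi_start"]


if __name__ == "__main__":
    for line in (MSG1_LINE1, MSG2_LINE1):
        print(parse_pkesk_header(line))
    print(compare_messages(MSG1_LINE1, MSG2_LINE1))
```

The two headers agree byte for byte up to the MPI length field (the `hQEMA2gTLr1USDZGAQ` prefix the question asks about), and everything after that is the per-message random session key, so a guessed plaintext can never be matched against captured ciphertext.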

Interesting, thanks for the overview. I'll have a poke around the doc :) I've been meaning to look into more about how these things work. I understand the very high level stuff and the very low level (how to use the tools roughly and some of the maths behind it all) but not so much in-between.
While cryptography does teach us that some methods are weak against such attacks, since they are using asymmetric crypto, that means each of my messages would be encrypted with the RECIPIENT's public key. Thus you really don't know WHICH messages are encrypted with the same key. Thus you can't apply such an attack.

PS: I think asymmetric crypto is secure from such attacks anyways, though isn't that way slower than symmetric crypto?

Encryption isn't hashing. The same block would encrypt to a very large number of ciphertexts.
Correction: it's called Silent Circle, not secure circle.

I'm happy to see the surge of interest and new projects, but most of the offerings are between embarrassing and pathetic. Either the concept is being exploited for marketing purposes, the individuals involved just aren't appropriately skilled at what they are doing, or there are actual nefarious purposes. (I would agree, Bitmessage, and similar schemes could prove to be the best of the bunch.)

One could respond this is just paranoia, secure software doesn't really need to be open source. Or, we should trust someone because they did something very good in their past. What the NSA leak showed us is that paranoia is real.

Politics aside, and I've said this here before, this isn't just an issue of the NSA. For 99%+ of individuals, what the NSA is doing isn't going to damage them personally. However, those techniques damn well can. What the NSA is doing, other intelligence services are doing too. In some circumstances private companies are doing it as well. It doesn't matter if you aren't a terrorist, if you work on anything that could be very interesting or very profitable you are at a real risk of being targeted for electronic spying.

Standards need to be established:

a) If it's closed source, it cannot be audited and thus can be considered neither secure nor insecure.

b) If it forces automated updates, it cannot be secure.

c) If it runs on a leaky platform (all mobile devices so far) it cannot be secure.

That should tell us, in my opinion, that the number one goal of secure chat would be a secure mobile platform -- that includes both operating system and hardware. If you take a look at the fine print on Replicant, the fully free version of Android, you'll notice nearly every supported phone has major potential holes, save for one really ugly looking thing.

Name one platform that is not "leaky".
The most promising new protocol, in my opinion, is Pond: https://pond.imperialviolet.org/
I was referring to (c) in AJ007's comment.
Bitmessage is awful for the user, and for security. Minutes to send a message due to the POW requirements, but a botnet can send as much spam as it wants. It's more an excuse to be associated with Bitcoin than to introduce any real security.
You may also want to check https://pond.imperialviolet.org
If everyone gets every message, people will store those, and at some point in the future it will be possible to decrypt them all. That makes it something I won't use.