by codahale 4074 days ago
* No confidentiality. All communications are sent plaintext. They plan to "add support in the future when solid approaches emerge".

* Non-repudiable. Everything you send is signed with the public key on your GitHub account.

* Uses SHA1. (via the ghsign NPM module)

* Uses mDNS and Bluetooth LE and a gossip topology algorithm, so I'm not sure what would prevent a random third party from eavesdropping.

I would hesitate to market this as "secure".


Aren't WebRTC data channels encrypted by default?

http://www.html5rocks.com/en/tutorials/webrtc/datachannels/

Apparently so. It uses DTLS, but I'm not sure where the certificates for that would come from or how their authenticity is verified. If it's all self-signed, then your best solution is TOFU (trust on first use). Otherwise your confidentiality and integrity are completely dependent on your network position.
Contributions welcome! This is very alpha (in fact it's about five days old). Improvements come from the community.

https://github.com/moose-team/friends/issues

Then why the hell are you advertising it as "secure"? There's utterly nothing secure about it.
From the home page:

Messages are not end-to-end encrypted, and this is not an anonymous system. See below for more details. We use the term 'secure' here to mean that we do not use plaintext transports.

Although to my admittedly meagre security knowledge, I would've assumed that "no plaintext transports" would mean it was encrypted end-to-end.

I really really really don't recommend outsourcing your security architecture to interested passers-by if that's going to be a core feature of your project.

  package main

  import "fmt"

  func main() {
  	fmt.Println("Hello World")
  	// Contributions welcome!
  }
But, real crypto.

(Seriously, what's that supposed to mean? Should that increase my confidence in how "secure" this is?)

> When you send messages, they're signed with your SSH key

It seems to me that they're encrypted with your private key and paired with "username". The client then attempts to decrypt using the public key associated with that username on github.

In this system, the receiver and any MITMs (okay, so everyone) know it came from "the real grrowl according to github" — authenticated but not confidential at all.

Two things:

First, you're describing RSA signatures. "Encrypt X with your private key" means "X^D mod N" which is how RSA signatures work. In the context of RSA-based cryptosystems, it's clearer to just say "signed".

Second, the ghsign library uses the `RSA-SHA1` signer, which runs the message through SHA1 before signing it. The reason it does this is because "textbook" RSA (i.e. RSA on arbitrary messages) is vulnerable to chosen-plaintext attacks.
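To make the second point concrete, here is an added toy example (not code from ghsign or the friends project) showing why a signer hashes before exponentiating: "encrypt with the private key" on the raw message is multiplicative, so two genuine signatures combine into a valid signature on a message nobody signed, while hash-then-sign breaks that relation. It assumes a small modulus built from two Mersenne primes (chosen only so a SHA-1 digest fits below N) and omits the PKCS#1 padding a real RSA-SHA1 signer applies.

```python
import hashlib

# Toy key: two known Mersenne primes (assumption for illustration only;
# real keys use random primes of 1024+ bits each). N is ~196 bits, so any
# 160-bit SHA-1 digest is a valid message integer below N.
P = (1 << 89) - 1
Q = (1 << 107) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def textbook_sign(m: int) -> int:
    """'Encrypt with the private key': m^D mod N on the raw message integer."""
    return pow(m, D, N)


def textbook_verify(m: int, sig: int) -> bool:
    """'Decrypt with the public key' and compare with the message."""
    return pow(sig, E, N) == m % N


def sha1_int(msg: bytes) -> int:
    """Digest of the message interpreted as a big-endian integer."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big")


def hashed_sign(msg: bytes) -> int:
    """What an RSA-SHA1 signer does conceptually: hash first, then exponentiate."""
    return pow(sha1_int(msg), D, N)


def hashed_verify(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == sha1_int(msg)


def textbook_is_malleable(m1: int, m2: int) -> bool:
    """sig(m1) * sig(m2) mod N verifies as a signature on m1 * m2 mod N,
    because (m1^D)(m2^D) = (m1*m2)^D. Returns True for any m1, m2."""
    s1, s2 = textbook_sign(m1), textbook_sign(m2)
    return textbook_verify(m1 * m2 % N, s1 * s2 % N)


def hashed_is_malleable(msg1: bytes, msg2: bytes) -> bool:
    """The same combination now verifies only for a message whose SHA-1 equals
    H(msg1)*H(msg2) mod N, which preimage resistance keeps out of reach; the
    natural candidate msg1+msg2 fails. Returns False."""
    s1, s2 = hashed_sign(msg1), hashed_sign(msg2)
    return hashed_verify(msg1 + msg2, s1 * s2 % N)
```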

This is an invaluable comment — thank you.