[messaging] Encrypted Group Chats
Jonathan Moore
moore at eds.org
Thu Nov 27 18:57:16 PST 2014
Have you read this blog post?
https://whispersystems.org/blog/private-groups/
It has some good discussion of this topic.
On Nov 27, 2014 7:41 PM, <steve at actor.im> wrote:
> But if someone perform mitm with axolotl schema than any new message will
> be captured too. I can't spot any difference in this place.
>
> 28.11.2014, 05:37, "Stephen" <kbaegis at gmail.com>:
>
> This is a weak symmetric schema because it only requires 1 mitm per group.
> Trapdoor asymmetric at least relies on endpoint security per participant.
> In any event, more interlocutors relates to more insecurity. Is there a
> viable alternative?
> On Nov 27, 2014 6:28 PM, <steve at actor.im> wrote:
>
> Hi again!
>
> Private conversation seems to be solved in TextSecure. May be in future we
> will need to change basic algorithms and replace Axolotl Ratchet, but idea
> seems to be good for long term usage. But, it does'nt really useful for
> group conversations. We (in actor.im) are trying to find best way to do
> encrypted group communications.
>
> We know two different ways of encrypted group messaging:
> 1) Sharing one key sequence
> 2) Sending messages like the private one - one message for each recipient
>
> At the beginning we implemented the first type of group messaging based on
> rules:
> 1) First of all creator of group conversation generate some secret key,
> say, simple AES key and send to every participant of group like it do with
> private messages.
> 2) When someone invite participant to group it do the same: generates new
> AES key and send it to everyone in group plus new user.
> 3) When someone kick user it also change the group AES key and send it to
> everyone.
> 4) When someone leave group than someone from group must update group AES
> key before sending new message.
> 5) All messages are encrypted with current group AES key.
>
> This is not perfect and implemented just for testing our ideas. We can
> implement some kind of ratcheting like in Axolotl Ratchet for better future
> secrecy. We can add some better and more secure rules for group
> conversations, but in still looks bad. It doesn't feel to be secure to
> share one common key across all members of group. One of main plus of group
> is that we can easily check encryption key for group.
>
> In TextSecure for groups is used same technique as used for private
> messages. Any message is encrypted for every member in group and send like
> private message and marked as message as part of group. It looks better for
> security reasons because there are no single failure point as was with
> shared key. It is simple to implement if you already have encrypted private
> messages. But it is really hard to check keys - we need to check keys for
> everyone from group by every member of group. Also it is much much more
> traffic for this type of group encryption.
>
> In the end, it is much harder to detect that someone from group got
> totally compromised. If someone from group will be compromised than
> everyone will be compromised.
>
> Compromising one of user by adding maculous key to user's account (we
> support multiple device for one account) may be solved by manual
> verification by each group member on new key adding. For private
> conversations we use simple notification message about adding new device.
>
> After all it seems that there are no good solution for group messaging.
>
> Any ideas?
> --
> Steve K,
> CEO Actor.im
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>
>
>
> --
> Steve K,
> CEO Actor.im
>
>
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141127/0acc096f/attachment.html>
More information about the Messaging
mailing list