[messaging] Crypto standards in modern-day consumer apps

Van Gegel torfone at ukr.net
Sun Jun 21 00:48:44 PDT 2020

Most messengers provide only the illusion of security. They sacrifice basic rules for the convenience of ordinary users without caring for those who really need security.

A really safe messenger MUST:
- never be updated remotely;
- not integrate with other services (for example, not use phone numbers or mail as an ID);
- have powerful ID protection in its protocol;
- provide plausible deniability of having a contact in the book.

I tried to implement these requirements in my Torfone: https://github.com/gegel/torfone

The onion address is generated locally and is used as the ID.
Authentication is performed independently of Tor using its own keys. The IDs of caller and callee are protected with PFS (by adding the SPEKE protocol result to the hash of Signal's tDH). The session key is output using a simple DH: the tDH result is used only for authentication. This makes it possible to receive calls from unauthenticated subscribers (with the corresponding notification). During a call any subscriber can add his or another contact to your address book, so you can explain the presence of a compromising contact in it. Open source makes it easy to check the protocol for leaks.

20 June 2020, 22:41:50, by "Mikalai Birukou" <mb at 3nsoft.com>:

>> Occasionally I worry that one day the credibility of end-to-end encryption will be harmed, because it will turn out that one of the big players has built in back doors or is changing public keys for targeted intercept. And then we (the 'experts') will say, ah ha! In fact, we never claimed these systems were secure against such attacks. And all the general public will hear is, "you said tech firms couldn't read our messages and you were wrong".
>> The restrictions WhatsApp put on forwarding messages might be an early sign of what's to come.
>> https://slate.com/technology/2020/04/whatsapp-message-forwarding-disinformation-coronavirus.html
>> Cryptographically, the double ratchet/AES/Noise/etc are all designed to stop a MITM detecting if the same message is being sent twice. This is a core algorithmic property that cryptographers stress over. In the real world, when Facebook decided they had a moral obligation to fight "rumours" they just modified the software to stop people forwarding messages. When the MITM controls the endpoints it's unclear what meaning cryptography actually has, beyond time limited legal arguments.
> That day you worry about has already passed... for those that missed it, this story broke last week:
> https://www.vice.com/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez
> "Facebook worked with a third-party company to develop the exploit and did not directly hand the exploit to the FBI; it is unclear whether the FBI even knew that Facebook was involved in developing the exploit. According to sources within the company, this is the first and only time Facebook has ever helped law enforcement hack a target.
> This previously unreported case of collaboration between a Silicon Valley tech giant and the FBI highlights the technical capabilities of Facebook, a third-party hacking firm it worked with, and law enforcement, and raises difficult ethical questions about when—if ever—it is appropriate for private companies to assist in the hacking of their users. The FBI and Facebook used a so-called zero-day exploit in the privacy-focused operating system Tails, which automatically routes all of a user's internet traffic through the Tor anonymity network, to unmask Hernandez's real IP address, which ultimately led to his arrest."

Wonderful. Yet another example of news that is attached to worrying about existing privacy/security tech, while the details show that the tech wasn't easy to breach. I have a question.

Should we ask a less technical question: why are there these global giant platforms, where it is easy for a social predator to find victims?

Here is The Verge from 2017: 

Spot the similarity. In the meantime I will scream into the void: "Why does Signal tell everyone in my address book that I have the Signal app installed?"
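To make the separation Van Gegel describes concrete (session key from a plain ephemeral DH, authentication from a hash of the 3DH result mixed with a SPEKE result, IDs only ever sent under that authentication key, so an unauthenticated caller still gets a session key but is flagged), here is an added toy model; it is not Torfone's code. The DH group, the hashing layout and the use of a per-contact shared secret as the SPEKE password are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Toy DH group, constructed for illustration only: the Mersenne prime 2^127-1.
# Real deployments need a standard large safe-prime or elliptic-curve group.
P = (1 << 127) - 1
G = 2
def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()
def i2b(x):
    return x.to_bytes(16, "big")
def speke_generator(pw):
    # SPEKE: the shared secret selects the generator (squared into the
    # quadratic-residue subgroup), so only holders of pw agree on it.
    return pow(int.from_bytes(H(b"speke", pw), "big") % P, 2, P)

class Party:
    """Long-term identity key (its hash is the locally generated ID), a fresh
    ephemeral key per call, and a SPEKE value from the contact secret."""
    def __init__(self, contact_secret):
        self.ik = secrets.randbelow(P - 2) + 2      # identity private key
        self.IK = pow(G, self.ik, P)
        self.id = H(b"id", i2b(self.IK))[:8]        # ID derived from the key
        self.ek = secrets.randbelow(P - 2) + 2      # ephemeral private key
        self.EK = pow(G, self.ek, P)
        self.SK = pow(speke_generator(contact_secret), self.ek, P)

    def derive(self, peer_IK, peer_EK, peer_SK, initiator):
        # Session key from the ephemeral DH alone: forward secret and usable
        # even when the peer turns out to be unauthenticated.
        session = H(b"sess", i2b(pow(peer_EK, self.ek, P)))
        # Triple DH binds both long-term identity keys to the ephemerals.
        d1 = i2b(pow(peer_EK, self.ik, P))          # my IK with peer EK
        d2 = i2b(pow(peer_IK, self.ek, P))          # my EK with peer IK
        d3 = i2b(pow(peer_EK, self.ek, P))          # my EK with peer EK
        tdh = d1 + d2 if initiator else d2 + d1     # same order on both sides
        # Authentication key = hash of the 3DH result mixed with SPEKE's.
        auth = H(b"auth", tdh, d3, i2b(pow(peer_SK, self.ek, P)))
        # The ID travels only as a MAC under auth, so a passive observer
        # cannot read or link it; the session key never depends on it.
        tag = hmac.new(auth, self.id, hashlib.sha256).digest()
        return session, auth, tag

def run_call(caller, callee):
    # Returns (same_session_key, both_sides_authenticated).
    s1, a1, t1 = caller.derive(callee.IK, callee.EK, callee.SK, True)
    s2, a2, t2 = callee.derive(caller.IK, caller.EK, caller.SK, False)
    ok = (hmac.compare_digest(hmac.new(a2, caller.id, hashlib.sha256).digest(), t1)
          and hmac.compare_digest(hmac.new(a1, callee.id, hashlib.sha256).digest(), t2))
    return s1 == s2, ok
```

A caller holding the wrong contact secret (or the wrong identity key) still ends up with the same session key as the callee, which is the "call from an unauthenticated subscriber" case that the application must surface as a notification.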

Messaging mailing list
Messaging at moderncrypto.org