5 Ways To Send Secret Messages
http://www.deepdotweb.com/2015/02/13/5-ways-to-send-secret-messages/
POSTED BY: DEEPDOTWEB FEBRUARY 13, 2015 IN ARTICLES, FEATURED LEAVE A COMMENT
TextSecure is a free and open-source encrypted messaging application for Android. Open Whisper Systems improved Off-the-Record Messaging (OTR) protocol in some secrecy aspects, and added a mechanism to allow the ephemeral key negotiation to work asynchronously. The TextSecure protocol uses Curve25519, AES-256, and HMAC-SHA256 as primitives.
The TextSecure application allows people to send text and audio messages, photos, videos, contact information. Messages sent to other TextSecure users can only be read by the recipient due to automatic end-to-end encryption.
The keys that are used to encrypt messages are stored on the user’s device, but they are protected by an additional layer of encryption. Also, TextSecure has a built-in function for verifying that the user is communicating with the right person and that no man-in-the-middle attack has occurred. This is done with key fingerprints that can be verified out-of-band.
Telegram
Telegram is a cross-platform instant messaging system whose clients are open source and servers are proprietary software. Telegram users can exchange encrypted and self-destructing messages and transfer all types of audio and video files up to 1 gigabyte in size.
Telegram was launched in 2013 by the brothers Nikolai and Pavel Durov, the founders of VK, Russia’s largest social network.
Telegram accounts are tied to the phone number of the user and the phone number associated with an account can be changed without losing messages.
The application features two types of chats. Ordinary chats use client-server encryption and can be accessed from multiple devices. Secret chats use end-to-end encryption and can only be accessed from the two participating devices. While using secret chats in official clients, messages deleted on one device are deleted on the other device too, a special message is displayed when a screenshot is taken, and messages can be set to be deleted automatically (self-destruct) at preset time intervals.
On December 1st, 2014, Telegram implemented Perfect Forward Secrecy in secret chats. This enables periodically changing the encryption keys utilized, keeping past communications safe. Official Telegram clients initiate re-keying once a key has been used to decrypt and encrypt more than 100 messages, or has been in use for more than one week, provided the key has been used to encrypt at least one message. Old keys are then discarded and cannot be reconstructed, even with access to the new keys currently in use.
On January 5th, 2015, Telegram’s standard messages were scored 3 out of 7 points on the Electronic Frontier Foundation’s secure messaging scorecard, while Telegram’s secret chats scored 6 out of 7 points. It lost one point because there has not been a recent independent code audit.
Desktop Telegram is available for Windows and Apple Mac OS.
Pidgin (formerly named Gaim) + Off-the-Record plugin
Pidgin is an open-source multi-platform instant messaging client, based on a library, that allows the user to log into various services from one application. Pidgin is an easy to use, popular and free. It supports a lot of different chat networks such as AIM, MSN, Yahoo, Bonjour, Google Talk, ICQ and XMPP.
Off-the-Record (OTR) messaging is a plugin developed specifically for Pidgin. It uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function.
The main features of using Pidgin+OTR combination are: privacy (no one else can read your instant messages), protectiveness (you are assured the correspondent is who you think it is) and deniability (the messages you send do not have digital signatures that are checkable by a third party).
However, users’ passwords are stored in a plaintext file. This password file is readable by anyone who has physical access to the computer, access to the user or administrative accounts, or (potentially) to anyone who is able to exploit security vulnerabilities on that computer. I hope that the developers will improve this omission one day.
Bitmessage
Bitmessage is a decentralized, encrypted, P2P communications protocol that can be used to send a message not only to one person, but to multiple subscribers too. Bitmessage encrypts each users’ message inbox using public-key cryptography (256-bit ECC keys and OpenSSL for cryptographic functions).
Bitmessage replicates all the messages inside its own network. So, the encrypted messages of a user is mixed with all the encrypted messages of all other users of the network, which makes it difficult to track which particular computer is the actual sender or recipient.
The original sender knows whether the recipient received the message or not (through an acknowledgement system), but the sender cannot discover which network participant is the actual recipient since all the network participants will have this encrypted message stored on their computer.
The system’s nodes store the encrypted messages for only two days before erasing them; therefore, messages are not archived in the network. And new participants of the network can only download and broadcast messages from the last two days.
All users of Bitmessage have cryptographically generated addresses (for example, BM-cbRqcFFSQUUmXFKsPJgVQPSiFA3Xash). PyBitmessage is the official instant messaging client designed for Bitmessage.
All applications and programs are easy and convenient to use, and you should try all of them before choosing the one that suits you most and don’t forget to use PGP. If you know other ways to keep your information and personal messages protected, please let me know by leaving a comment on this article!
http://www.deepdotweb.com/2015/02/13/5-ways-to-send-secret-messages/
POSTED BY: DEEPDOTWEB FEBRUARY 13, 2015 IN ARTICLES, FEATURED LEAVE A COMMENT
TextSecure is a free and open-source encrypted messaging application for Android. Open Whisper Systems improved Off-the-Record Messaging (OTR) protocol in some secrecy aspects, and added a mechanism to allow the ephemeral key negotiation to work asynchronously. The TextSecure protocol uses Curve25519, AES-256, and HMAC-SHA256 as primitives.
The TextSecure application allows people to send text and audio messages, photos, videos, contact information. Messages sent to other TextSecure users can only be read by the recipient due to automatic end-to-end encryption.
The keys that are used to encrypt messages are stored on the user’s device, but they are protected by an additional layer of encryption. Also, TextSecure has a built-in function for verifying that the user is communicating with the right person and that no man-in-the-middle attack has occurred. This is done with key fingerprints that can be verified out-of-band.
Telegram
Telegram is a cross-platform instant messaging system whose clients are open source and servers are proprietary software. Telegram users can exchange encrypted and self-destructing messages and transfer all types of audio and video files up to 1 gigabyte in size.
Telegram was launched in 2013 by the brothers Nikolai and Pavel Durov, the founders of VK, Russia’s largest social network.
Telegram accounts are tied to the phone number of the user and the phone number associated with an account can be changed without losing messages.
The application features two types of chats. Ordinary chats use client-server encryption and can be accessed from multiple devices. Secret chats use end-to-end encryption and can only be accessed from the two participating devices. While using secret chats in official clients, messages deleted on one device are deleted on the other device too, a special message is displayed when a screenshot is taken, and messages can be set to be deleted automatically (self-destruct) at preset time intervals.
On December 1st, 2014, Telegram implemented Perfect Forward Secrecy in secret chats. This enables periodically changing the encryption keys utilized, keeping past communications safe. Official Telegram clients initiate re-keying once a key has been used to decrypt and encrypt more than 100 messages, or has been in use for more than one week, provided the key has been used to encrypt at least one message. Old keys are then discarded and cannot be reconstructed, even with access to the new keys currently in use.
On January 5th, 2015, Telegram’s standard messages were scored 3 out of 7 points on the Electronic Frontier Foundation’s secure messaging scorecard, while Telegram’s secret chats scored 6 out of 7 points. It lost one point because there has not been a recent independent code audit.
Desktop Telegram is available for Windows and Apple Mac OS.
Pidgin (formerly named Gaim) + Off-the-Record plugin
Pidgin is an open-source multi-platform instant messaging client, based on a library, that allows the user to log into various services from one application. Pidgin is an easy to use, popular and free. It supports a lot of different chat networks such as AIM, MSN, Yahoo, Bonjour, Google Talk, ICQ and XMPP.
Off-the-Record (OTR) messaging is a plugin developed specifically for Pidgin. It uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function.
The main features of using Pidgin+OTR combination are: privacy (no one else can read your instant messages), protectiveness (you are assured the correspondent is who you think it is) and deniability (the messages you send do not have digital signatures that are checkable by a third party).
However, users’ passwords are stored in a plaintext file. This password file is readable by anyone who has physical access to the computer, access to the user or administrative accounts, or (potentially) to anyone who is able to exploit security vulnerabilities on that computer. I hope that the developers will improve this omission one day.
Bitmessage
Bitmessage is a decentralized, encrypted, P2P communications protocol that can be used to send a message not only to one person, but to multiple subscribers too. Bitmessage encrypts each users’ message inbox using public-key cryptography (256-bit ECC keys and OpenSSL for cryptographic functions).
Bitmessage replicates all the messages inside its own network. So, the encrypted messages of a user is mixed with all the encrypted messages of all other users of the network, which makes it difficult to track which particular computer is the actual sender or recipient.
The original sender knows whether the recipient received the message or not (through an acknowledgement system), but the sender cannot discover which network participant is the actual recipient since all the network participants will have this encrypted message stored on their computer.
The system’s nodes store the encrypted messages for only two days before erasing them; therefore, messages are not archived in the network. And new participants of the network can only download and broadcast messages from the last two days.
All users of Bitmessage have cryptographically generated addresses (for example, BM-cbRqcFFSQUUmXFKsPJgVQPSiFA3Xash). PyBitmessage is the official instant messaging client designed for Bitmessage.
All applications and programs are easy and convenient to use, and you should try all of them before choosing the one that suits you most and don’t forget to use PGP. If you know other ways to keep your information and personal messages protected, please let me know by leaving a comment on this article!
