
Secure Chat Conversations


Sometimes you need to chat about something and can’t risk that information falling into the wrong hands. It could be sensitive company information or personal data.

Fortunately, you don’t need to install an encryption engine; several chat apps handle the encryption for you. They are available as web-based and mobile apps.

ChatCrypt

ChatCrypt performs military-class AES-256 CTR encryption on chat messages, so no one can read them except participants who know the same secret password. Traditional so-called “secure chats” secure only the connection between the browser and the server, so all messages can be read and logged in plain text on the server side. ChatCrypt approaches the problem from a different perspective: it encrypts the messages themselves before they leave the browser’s frontend, using the AES-256 algorithm in CTR mode with a secret password specified by the user.

With this simple but unquestionably most effective solution, decrypting any message is possible only with knowledge of the passphrase given at the initial encryption stage. So there is no need to secure the connection: messages travel in encrypted form through the entire pipeline. On the server side there is no known way to break that cipher in a reasonable time, so the conversations remain private between the participants who joined a room with the same password.
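The scheme described above, as an added example that is not ChatCrypt's code: the page does not say how the password becomes a key, so PBKDF2, its parameters, the room-name salt and all function names are assumptions. It also shows that CTR mode gives confidentiality only, so a wrong password yields garbage rather than an error.

```javascript
// Added example, not ChatCrypt's code. PBKDF2, the salt choice and all names are assumptions.
const crypto = require('node:crypto');

// Stretch the room password into a 256-bit AES key. The salt is not secret;
// it is derived from the room name so every participant computes the same key.
function roomKey(password, roomName) {
  const salt = crypto.createHash('sha256').update(roomName).digest();
  return crypto.pbkdf2Sync(password, salt, 200000, 32, 'sha256');
}

// Encrypt before the message leaves the client. CTR needs a counter block
// that never repeats under the same key, so draw a fresh one per message.
function encryptMessage(key, text) {
  const counter = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-ctr', key, counter);
  const ct = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  // This object is everything the relaying server ever sees.
  return { counter: counter.toString('base64'), ct: ct.toString('base64') };
}

function decryptMessage(key, wire) {
  const counter = Buffer.from(wire.counter, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-ctr', key, counter);
  const pt = Buffer.concat([decipher.update(Buffer.from(wire.ct, 'base64')), decipher.final()]);
  return pt.toString('utf8');
}

// Constructed walk-through: two participants in "room-42" and one outsider.
function demo() {
  const text = 'Q3 numbers attached';
  const wire = encryptMessage(roomKey('correct horse battery staple', 'room-42'), text);
  const same = decryptMessage(roomKey('correct horse battery staple', 'room-42'), wire);
  // CTR has no integrity check: a wrong password does not raise an error,
  // it silently produces unreadable bytes.
  const wrong = decryptMessage(roomKey('guess', 'room-42'), wire);
  return { wire, same, wrong };
}

console.log(demo());
```

Because the key comes entirely from the password, a short or guessable password can be tested offline against any captured message; the key-stretching step only slows that down.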

ChatCrypt holds the encrypted form of the messages only temporarily in the server’s memory for less than 10 seconds, so there is no real chance to retrieve even the ciphered texts.

Most people think that if a website uses an HTTPS connection (especially with the green address bar), then the information they type in is transmitted and stored securely. This is only partially true. The transmission is encrypted well, so no third party can sniff that information, but there is no proof that the website owners will handle it with maximum care, not to mention that applicable laws can force anyone to hand stored data over to the local authorities.

Overall, this means that if anyone uses a chat service with similar security technology, the conversation will be visible to the participants and (at least) to the website owners. That is probably not acceptable in every situation, especially where mission-critical information has to be exchanged.

ChatCrypt’s unique encryption feature ensures that only the participants of a room with a shared password are able to read each other’s messages. More precisely, anyone else who acquires the conversation without knowing the password won’t be able to decode it.


ChatSecure

ChatSecure allows you to set a master password to keep prying eyes out of the chat app itself, supports WiFi Mesh Chat (chatting with others on the same local wireless or mesh network, no server required), and even enables you to create anonymous “burner” chat accounts. If you need to chat anonymously from behind a firewall, you can install the Orbot proxy tool, which will get you through. (Orbot is also required to create “burner” accounts.) With ChatSecure, two-way encryption can’t take place until a user has been verified (done through the app). Once verified, you can encrypt conversations, and each sent message will indicate whether it is encrypted.

Surespot Encrypted Messenger

Surespot Encrypted Messenger is an end-to-end symmetric encryption messaging tool (using 256-bit AES-GCM encryption) that creates keys using 521-bit ECDH shared secret derivation. It’s private, period. The best thing about Surespot is that all the privacy is built in, so you won’t even notice the security layer.

Whereas SSL can be thought of as client to server encryption where the hops cannot access the plain text but the server can, end to end encryption encrypts the data so that only the end users can decipher it. No one along the network route the message takes from one client to another, not any of the hops, not even the surespot server, can view the contents of the data. Only user 1 and user 2.

Encryption is an electronic lock and key system. You take a plain text message and encrypt it using a key (secret). You can then decrypt the message using the same key. Pretty simple. You encrypt data at one end using the key, send it over all the network’s hops and servers, and at the other end it can be read because the key is known. None of the hops and servers in-between can read it because they don’t know the key.

Say user 1 encrypts a message for user 2 with a key, then user 2 decrypts it using the same key. Simple, right? Except for the fact that user 2 needs to know the key! Somehow we need to get the key to user 2, but how can we send it over the network? Surespot can’t encrypt it, because we need a key to encrypt, so we have a catch-22, or a chicken-and-egg situation. The answer is that Surespot doesn’t send the key over the network. Well, not the key we’re using to encrypt the messages, at least.
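How two users can end up with the same AES-256-GCM key without ever sending it, as an added example that is not Surespot's code: only public keys cross the network, and each side combines its own private key with the other's public key. The HKDF step, the info label and all function names are assumptions of this example.

```javascript
// Added example, not Surespot's code. The HKDF step and all names are assumptions.
const crypto = require('node:crypto');

// Each user generates a P-521 key pair; the private half never leaves the device.
function newUser() {
  const ecdh = crypto.createECDH('secp521r1');
  return { ecdh, publicKey: ecdh.generateKeys() };
}

// Combine own private key with the peer's public key, then turn the raw ECDH
// output into a 256-bit AES key (HKDF-SHA256 is this example's choice).
function sessionKey(self, peerPublicKey) {
  const shared = self.ecdh.computeSecret(peerPublicKey);
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'example chat key', 32));
}

function sealMessage(key, text) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function openMessage(key, { iv, ct, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  // final() throws if the ciphertext or tag was altered, or the key is wrong.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed walk-through: user 1 writes to user 2 through a relaying server.
function demo() {
  const user1 = newUser(), user2 = newUser();
  const k1 = sessionKey(user1, user2.publicKey);
  const k2 = sessionKey(user2, user1.publicKey);
  const msg = sealMessage(k1, 'meet at noon');
  // The server sees both public keys and msg, but holds neither private key.
  const server = newUser();
  let serverRead = true;
  try { openMessage(sessionKey(server, user1.publicKey), msg); } catch { serverRead = false; }
  return { keysMatch: k1.equals(k2), received: openMessage(k2, msg), serverRead };
}

console.log(demo());
```

The derived key is only as trustworthy as the public keys that went into it, so each user still needs a way to confirm that a public key really belongs to the person they think it does.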


Tox

Tox is somewhat new to the world of secure chatting. It was created as a reaction to concerns about Skype’s privacy (or lack thereof). Tox uses dispersed networking and strong cryptography (the NaCl crypto library) to create a secure messaging system for everyone. Users are assigned a private and public key and connect to one another directly, with no middleman or third party involved.

With Tox, you can do text, phone, and video, all secure. Tox is free, open source, and available on Linux, Windows, and Mac. Its interface is incredibly easy to use (anyone of any skill level can start using right away) and doesn’t require you to connect with your Facebook, Google, Twitter, or any other account.

Tox began a few years ago, in the wake of Edward Snowden’s leaks regarding NSA spying activity. The idea was to create an instant messaging protocol that ran without any kind of central servers. The system would be distributed, peer-to-peer, and encrypted end-to-end, with no way to disable any of the encryption features; at the same time, the protocol would be easily usable by the layperson with no practical knowledge of cryptography or distributed systems. Work began during the Summer of 2013 by a single anonymous developer (who continues, to this day, to remain anonymous). This lone developer put together a library implementing the Tox protocol. The library provides all of the messaging and encryption facilities, and is completely decoupled from any user-interface; for an end-user to make use of Tox, they need a Tox client. Fast-forward a few years to today, and there exist several independent Tox client projects, and the original Tox core library implementation is nearing completion (in terms of features). Tox (both core and clients) has thousands of users, hundreds of contributors, and the project shows no sign of slowing down. Recently, a group of some of the project’s major contributors have formed The Tox Project, an organization built around the protection, promotion, and advancement of Tox and its development.


Originally posted 2012-07-27 17:33:00. Republished by Blog Post Promoter

The post Secure Chat Conversations appeared first on Information Technology Blog.


