CyanogenMod Integrates Text Message Encryption 118
sfcrazy writes "People are now more concerned regarding their privacy after discovering about efforts made by governments to spy on their communications. The most practical solution to keep messages, emails and calls secure is to use a cryptographic encryption mechanism. However, just like the name of the method, the installation process is complex for most users. To solve this, CyanogenMod will come equipped with built in encryption system for text messages."
Whisper System has integrated their TextSecure protocol into the SMS/MMS provider, so even third party sms apps benefit. Better yet, it's Free Software, licensed under the GPLv3+. Support will debut in Cyanogenmod 11, but you can grab a 10.2 nightly build to try it out now.
Re:They're already tracking us in WoW (Score:2, Informative)
I've seen little suggesting the NSA has been breaking much crypto at the algorithm level...most of what I've seen in the leaked materials has suggested more in the way of mitm attacks (sometimes through key forgery, as the NSA essentially has root certificate authority). The public key side of this of course still leaves that possibility entirely open if one doesn't take care to do a secure key exchange, but it's still a step in the right direction.
How keys are managed (Score:5, Informative)
The TextSecure Protocol
TextSecure's upcoming iOS client (and Android data channel client) uses a simple trick to provide asynchronous messaging while simultaneously providing forward secrecy.
At registration time, the TextSecure client preemptively generates 100 signed key exchange messages and sends them to the server. We call these "prekeys". A client that wishes to send a secure message to a user for the first time can now:
Connect to the server and request the destination's next "prekey."
Generate its own key exchange message half.
Calculate a shared secret with the prekey it received and its own key exchange half.
Use the shared secret to encrypt the message.
Package up the prekey id, the locally generated key exchange message, and the ciphertext.
Send it all in one bundle to the destination client.
The user experience for the sender is ideal: they type a message, hit send, and an encrypted message is immediately sent.
The destination client receives all of this as a single push notification. When the user taps it, the client has everything it needs to calculate the key exchange on its end, immediately decrypt the ciphertext, and display the message.
With the initial key exchange out of the way, both parties can then continue communicating with an OTR-style protocol as usual. Since the server never hands out the same prekey twice (and the client would never accept the same prekey twice), we are able to provide forward secrecy in a fully asynchronous environment.
Use the Source, Luke! (Score:4, Informative)
Same for CyanogenMod itself. Who says this addition hasn't been implemented by an NSA employee, backdoor and all?
Except that CyanogenMod itself is opensource.
You check the source yourself, and the source is seen by lots of other people. If there's a backdoor in there, someone is bound to see it.
Even if some NSA employee managed to use social engineering to sneak in an exploitable-bug while submitting a patch to improve otherwise the code, someone will end up noticing it. (e.g.: Both Debian and Android have had, at some point of time, a broken DSA generation which produced predictable key. Nonetheless, in both case the defect was noticed and corrected).
That's the whole point of RMS' rant about free and opensource being a necessity for security. If the source is open, you don't have to specifically trust the author of the source (who might either be a mole or clumsy and end up making bugs). You can instead trust the community (Debian, Android), or you could check it yourself (I'm able to do *some* light code reviewing for a few of my coding needs), or pay someone to do the checks for you (TrueCrypt is exactly getting this treatment, crowd funding style).
And even if you don't compile your binaries yourself and doubt about the binaries offer as downloads by the CyanogenMod team (perhaps the binary you download contain a backdoor that isn't in the source), several tools are here to help too:
- GPG-signing of binaries (so you know the binary you got was actually from CyanogenMod and not one of the relay of NSA which ended up serving you a booby-traped binary, exactly like their slashdot clone)
- Deterministic build (a way for several independant people to check that the binary you have are produced from the official source and not by some NSA mole inside CyanogenMod who is injecting a backdoor before publishing them. It's used by Tor, Bitcoin, etc. It's being implemented for TrueCrypt too)
- Differential build (each time there's a discussion about trusting the source, there's always someone coming up with this old paper of C's author about booby trapped self-replicating compiler. And completely forgot that the author himself proposed a way to detect such booby-trapped shit. Not that this was ever seen in the wild. But in theory it's evitable, with these technique).