[liberationtech] Encrypted SMS

Mary Joyce marycjoyce at gmail.com
Thu Oct 7 09:39:09 PDT 2010 

I also admit that my knowledge of encryption is limited, but my friend
Nathan Freitas (nathanfreitas at gmail.com) built an SMS encryption app for
Android called Guardian<http://openideals.org/2009/08/12/guardian-project-sms-encryption-non-options-for-android/>.
Even if this is not what you are looking for, Nathan would be a great person
to talk to.

Mary


On Thu, Oct 7, 2010 at 4:37 AM, oli <oli at cryptosms.org> wrote:

> Dear Graham,
> dear Pranesh,
>
> thanks for forwarding this to the project!
>
> Graham, a proper code review never happened due to the small scale of
> the project. We once made an effort and asked people with some
> reputation in this field, but without success.
>
> The current version has seen a couple of bugs removed. The crypto
> scheme itself of course is a standard implementation. As well as the
> aes256 symmetric encryption of all data csms produces on the phone as
> the addressbook.
>
> Currently we are (with no that much time though) developing a desktop
> version to allow easier csms sendings, and list etc. This has been a
> feature request for a long time already. This is JSE based.
>
> Regarding the strict separation Pranesh mentions: we got a lot of
> feedback on this and some is critical. So, maybe the next version (if
> there will be one, we applied for grants for development but failed)
> will be a complete replacement of the "normal" sms app. It has
> advantages for the users, but in strict crypto and security terms, we
> hesitate to do that. Well, let's see...
>
> Where does your interest come from?
>
> Oh, and yes there are other solutions like the ones Pranesh mentioned.
> But who wants closed source for crypto?
>
> Regards, Oli
>
>
>
> Pranesh Prakash wrote:
> > Dear Graham,
> > I'm no cryptographer, unlike many on this list, so I'll stick to sharing
> > my experience with CryptoSMS.
> >
> > I've used CryptoSMS and it works as advertised, and works well.  I
> > installed it on my phone, shared keys over SMS while face-to-face, and
> > compared hashes. But I have over the past year built up a directory of
> > exactly five people with whom I could communicate using CryptoSMS. Apart
> > from that, It is much more difficult to use than something like OpenGPG
> > for e-mail, especially because its content store is by design kept
> > separate from all your other SMSes.
> >
> > It is the only such FOSS project that I know.  [Kryptext][1] and the
> > very strange [SMS 007][2] have been mentioned in a [blog post by Patrick
> > Philip Meier][3].
> >
> > I'm roping in Oli, a lead CryptoSMS developer, into the discussion.
> >
> > Regards,
> > Pranesh
> >
> >  [1]: http://www.kryptext.com/
> >  [2]: http://goo.gl/N0Ic
> >  [3]: http://irevolution.wordpress.com/2009/06/15/digital-security/
> >
> > On Thursday 07 October 2010 01:15 PM, Graham Smith wrote:
> >> I'm very interested in mobile technology, and I've been wondering what
> >> open source solutions exist for encrypted SMS messaging using PKI.
> >>
> >> The only obvious project that has come to my attention in this field is
> >> called CryptoSMS[1], which is licensed under the GPL, and uses ECC for
> >> encrypting SMS messages between phones. Key sharing is also done over
> >> SMS, directly between any two phones which wish to communicate securely.
> >> Their recommendation is to visually compare the hash of the public key
> >> on the recipient phone to verify that it has been shared correctly.
> >>
> >> I've not been able to find any serious review of CryptoSMS, or any other
> >> implementation of secure SMS messaging. Would any of you helpful people
> >> be able to point me the right way, or share your thoughts?
> >>
> >> BR,
> >>
> >> Graham
> >>
> >>
> >> [1] http://cryptosms.org/
> >>
> >>
> >>
> >> _______________________________________________
> >> liberationtech mailing list
> >> liberationtech at lists.stanford.edu
> >>
> >> Should you need to change your subscription options, please go to:
> >>
> >> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 
MARY C. JOYCE
Founder | The Meta-Activism Project  | Meta-Activism.org
"Digital Activism Decoded"  |  New Book Drops in Summer 2010
Mobile | +1.857.928.1297
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20101007/cbca6409/attachment.html>

More information about the liberationtech mailing list