[liberationtech] Encrypted SMS

oli oli at cryptosms.org
Thu Oct 7 09:55:27 PDT 2010 

Dear all,

(actually I now realize having posted to a list. Sorry for my
intervention as I did not introduce myself and have no idea what this
list exactly about.)

I talked with Nathan on the issues last year, and we thought porting
Cryptosms.org to Android would be a great thing to do.
Unfortunately this never became concrete. We, the csms developers
understand the lack of an android version very well, but we decided
that it is too much to take care of that for us.
But anyone interested in porting Cryptosms.org to Android is higly
welcome and will definitely get support from us (of course this has to
be under some GPL like license).
And then, of course, we should have a chat with Nathan as well again.

Cheers, Oli

Mary Joyce wrote:
> I also admit that my knowledge of encryption is limited, but my
> friend Nathan Freitas (nathanfreitas at gmail.com) built an SMS
> encryption app for Android called
> Guardian<http://openideals.org/2009/08/12/guardian-project-sms-encryption-non-options-for-android/>.
>  Even if this is not what you are looking for, Nathan would be a
> great person to talk to.
> 
> Mary
> 
> 
> On Thu, Oct 7, 2010 at 4:37 AM, oli <oli at cryptosms.org> wrote:
> 
>> Dear Graham, dear Pranesh,
>> 
>> thanks for forwarding this to the project!
>> 
>> Graham, a proper code review never happened due to the small
>> scale of the project. We once made an effort and asked people
>> with some reputation in this field, but without success.
>> 
>> The current version has seen a couple of bugs removed. The crypto
>>  scheme itself of course is a standard implementation. As well as
>> the aes256 symmetric encryption of all data csms produces on the
>> phone as the addressbook.
>> 
>> Currently we are (with no that much time though) developing a
>> desktop version to allow easier csms sendings, and list etc. This
>> has been a feature request for a long time already. This is JSE
>> based.
>> 
>> Regarding the strict separation Pranesh mentions: we got a lot of
>>  feedback on this and some is critical. So, maybe the next
>> version (if there will be one, we applied for grants for
>> development but failed) will be a complete replacement of the
>> "normal" sms app. It has advantages for the users, but in strict
>> crypto and security terms, we hesitate to do that. Well, let's
>> see...
>> 
>> Where does your interest come from?
>> 
>> Oh, and yes there are other solutions like the ones Pranesh
>> mentioned. But who wants closed source for crypto?
>> 
>> Regards, Oli
>> 
>> 
>> 
>> Pranesh Prakash wrote:
>>> Dear Graham, I'm no cryptographer, unlike many on this list, so
>>> I'll stick to sharing my experience with CryptoSMS.
>>> 
>>> I've used CryptoSMS and it works as advertised, and works well.
>>> I installed it on my phone, shared keys over SMS while
>>> face-to-face, and compared hashes. But I have over the past
>>> year built up a directory of exactly five people with whom I
>>> could communicate using CryptoSMS. Apart from that, It is much
>>> more difficult to use than something like OpenGPG for e-mail,
>>> especially because its content store is by design kept separate
>>> from all your other SMSes.
>>> 
>>> It is the only such FOSS project that I know.  [Kryptext][1]
>>> and the very strange [SMS 007][2] have been mentioned in a
>>> [blog post by Patrick Philip Meier][3].
>>> 
>>> I'm roping in Oli, a lead CryptoSMS developer, into the
>>> discussion.
>>> 
>>> Regards, Pranesh
>>> 
>>> [1]: http://www.kryptext.com/ [2]: http://goo.gl/N0Ic [3]:
>>> http://irevolution.wordpress.com/2009/06/15/digital-security/
>>> 
>>> On Thursday 07 October 2010 01:15 PM, Graham Smith wrote:
>>>> I'm very interested in mobile technology, and I've been
>>>> wondering what open source solutions exist for encrypted SMS
>>>> messaging using PKI.
>>>> 
>>>> The only obvious project that has come to my attention in
>>>> this field is called CryptoSMS[1], which is licensed under
>>>> the GPL, and uses ECC for encrypting SMS messages between
>>>> phones. Key sharing is also done over SMS, directly between
>>>> any two phones which wish to communicate securely. Their
>>>> recommendation is to visually compare the hash of the public
>>>> key on the recipient phone to verify that it has been shared
>>>> correctly.
>>>> 
>>>> I've not been able to find any serious review of CryptoSMS,
>>>> or any other implementation of secure SMS messaging. Would
>>>> any of you helpful people be able to point me the right way,
>>>> or share your thoughts?
>>>> 
>>>> BR,
>>>> 
>>>> Graham
>>>> 
>>>> 
>>>> [1] http://cryptosms.org/
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________ 
>>>> liberationtech mailing list liberationtech at lists.stanford.edu
>>>> 
>>>> 
>>>> Should you need to change your subscription options, please
>>>> go to:
>>>> 
>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> _______________________________________________ liberationtech
>> mailing list liberationtech at lists.stanford.edu
>> 
>> Should you need to change your subscription options, please go
>> to:
>> 
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> 
> 
> 
>

More information about the liberationtech mailing list