[liberationtech] Encrypted SMS
Nathan Freitas
nathan at freitas.net
Thu Oct 7 10:32:21 PDT 2010
I was keeping quiet, but now my name has popped up, so I have to say hello.
As Oli points out, we have talked in the past. Our focus has been on Tor
and Off-the-Record Chat encryption apps than SMS, and we did not
directly port or collaborate with the CryptoSMS project.
This is partly due to the fact that WhisperSystems has released an
excellent encrypted SMS app for Android called "TextSecure". However, it
is unfortunately closed source at the moment, something that we hope
will change with the right conditions.
Otherwise, we are planning if time and resources allow to extend our
work to J2ME/Nokia handsets, as a large part of the world obviously is
still running on these. An encrypted non-data (GSM only) messaging
solution that is simple and usable would obviously be at the top of our
list.
+Nathan
(if you want to learn more about what we are actively working on you can
always go here: https://guardianproject.info/apps/)
On 10/07/2010 12:39 PM, Mary Joyce wrote:
> I also admit that my knowledge of encryption is limited, but my friend
> Nathan Freitas (nathanfreitas at gmail.com
> <mailto:nathanfreitas at gmail.com>) built an SMS encryption app for
> Android called Guardian
> <http://openideals.org/2009/08/12/guardian-project-sms-encryption-non-options-for-android/>.
> Even if this is not what you are looking for, Nathan would be a great
> person to talk to.
>
> Mary
>
>
> On Thu, Oct 7, 2010 at 4:37 AM, oli <oli at cryptosms.org
> <mailto:oli at cryptosms.org>> wrote:
>
> Dear Graham,
> dear Pranesh,
>
> thanks for forwarding this to the project!
>
> Graham, a proper code review never happened due to the small scale of
> the project. We once made an effort and asked people with some
> reputation in this field, but without success.
>
> The current version has seen a couple of bugs removed. The crypto
> scheme itself of course is a standard implementation. As well as the
> aes256 symmetric encryption of all data csms produces on the phone as
> the addressbook.
>
> Currently we are (with no that much time though) developing a desktop
> version to allow easier csms sendings, and list etc. This has been a
> feature request for a long time already. This is JSE based.
>
> Regarding the strict separation Pranesh mentions: we got a lot of
> feedback on this and some is critical. So, maybe the next version (if
> there will be one, we applied for grants for development but failed)
> will be a complete replacement of the "normal" sms app. It has
> advantages for the users, but in strict crypto and security terms, we
> hesitate to do that. Well, let's see...
>
> Where does your interest come from?
>
> Oh, and yes there are other solutions like the ones Pranesh mentioned.
> But who wants closed source for crypto?
>
> Regards, Oli
>
>
>
> Pranesh Prakash wrote:
> > Dear Graham,
> > I'm no cryptographer, unlike many on this list, so I'll stick to
> sharing
> > my experience with CryptoSMS.
> >
> > I've used CryptoSMS and it works as advertised, and works well. I
> > installed it on my phone, shared keys over SMS while
> face-to-face, and
> > compared hashes. But I have over the past year built up a
> directory of
> > exactly five people with whom I could communicate using
> CryptoSMS. Apart
> > from that, It is much more difficult to use than something like
> OpenGPG
> > for e-mail, especially because its content store is by design kept
> > separate from all your other SMSes.
> >
> > It is the only such FOSS project that I know. [Kryptext][1] and the
> > very strange [SMS 007][2] have been mentioned in a [blog post by
> Patrick
> > Philip Meier][3].
> >
> > I'm roping in Oli, a lead CryptoSMS developer, into the discussion.
> >
> > Regards,
> > Pranesh
> >
> > [1]: http://www.kryptext.com/
> > [2]: http://goo.gl/N0Ic
> > [3]: http://irevolution.wordpress.com/2009/06/15/digital-security/
> >
> > On Thursday 07 October 2010 01:15 PM, Graham Smith wrote:
> >> I'm very interested in mobile technology, and I've been
> wondering what
> >> open source solutions exist for encrypted SMS messaging using PKI.
> >>
> >> The only obvious project that has come to my attention in this
> field is
> >> called CryptoSMS[1], which is licensed under the GPL, and uses
> ECC for
> >> encrypting SMS messages between phones. Key sharing is also done
> over
> >> SMS, directly between any two phones which wish to communicate
> securely.
> >> Their recommendation is to visually compare the hash of the
> public key
> >> on the recipient phone to verify that it has been shared correctly.
> >>
> >> I've not been able to find any serious review of CryptoSMS, or
> any other
> >> implementation of secure SMS messaging. Would any of you helpful
> people
> >> be able to point me the right way, or share your thoughts?
> >>
> >> BR,
> >>
> >> Graham
> >>
> >>
> >> [1] http://cryptosms.org/
> >>
> >>
> >>
> >> _______________________________________________
> >> liberationtech mailing list
> >> liberationtech at lists.stanford.edu
> <mailto:liberationtech at lists.stanford.edu>
> >>
> >> Should you need to change your subscription options, please go to:
> >>
> >> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> <mailto:liberationtech at lists.stanford.edu>
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>
>
>
> --
> MARY C. JOYCE
> Founder | The Meta-Activism Project | Meta-Activism.org
> "Digital Activism Decoded" | New Book Drops in Summer 2010
> Mobile | +1.857.928.1297
>
>
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
More information about the liberationtech
mailing list