[liberationtech] Encrypted SMS
Moxie Marlinspike
moxie at thoughtcrime.org
Thu Oct 7 11:17:47 PDT 2010
> I've not been able to find any serious review of CryptoSMS, or any
> other implementation of secure SMS messaging. Would any of you
> helpful people be able to point me the right way, or share your
> thoughts?
As Danny mentioned, I work on an encrypted SMS client for Android, so
I've looked into a few other solutions along the way.
- CryptoSMS -- Last I checked this was J2ME only. When I glanced at
their protocol, my recollection was that it isn't forward secure and
that the local encryption protocol is broken (or at least not IND-CPA
secure).
- Parandroid -- This is a fork of the stock Android messaging app with
some crypto tacked on. The authors have done an impressive job of
maintaining the appropriate merges across all the different messaging
versions for the various Android versions, but this appears to be their
first foray into secure communication. When I glanced at their
on-the-wire protocol, it had vulnerabilities for secrecy,
integrity, and authenticity. My recollection was that the local storage
protocol had the same problems. I contacted them about it probably four
or five months ago, and to my knowledge they haven't made any
announcements or changed anything since.
- CryptoPhone -- There's an encrypted SMS app for CryptoPhone. My
recollection is that it's forward secure. Haven't looked at the source.
If I recall, though, they don't use ECC and so it uses a lot of SMS
messages? Could be mistaken.
- TextSecure -- This is the app that I work on (bias stated). It uses
ECC and has a protocol derivative of OTR, so you get forward security
and deniability. We also support encrypted MMS messages. We've cloned
most of the stock messaging features and added some more. It's a beta,
though, so while it's becoming pretty stable and I'm gaining confidence
in its security with each release, no guarantees. It's free for
individual use, so give it a try. We'll be making the source available
(not under an OSS license) once it comes out of beta.
> You might also want to look at TextSecure,
> http://www.whispersys.com/, which is based on OTR, but with some
> protocol changes to fit with SMS's limited size. I've cc:'d the
> author of TextSecure here Moxie Marlinspike, though I suspect he may
> be onlist anyway.
I'm not on the list, thanks for the CC though.
- moxie
--
http://www.thoughtcrime.org