[liberationtech] SMS questions

Francisco Ruiz ruiz at iit.edu
Thu Aug 29 08:23:52 PDT 2013 

You may want to take a look at PassLok, which has a special SMS mode to
create encrypted messages that are exactly 160 characters long. I just made
a more secure source server at: https://www.autistici.org/passlok. There is
also a GitHub page at: https://github.com/fruiz500/passlok

Since autistici.org is self-certified, you will get a warning. Then you'll
have to decide whether your trust them or not, and whether you want to add
their certificate. If you decide to test PassLok, please inspect the source
code before you execute it.

PassLok works completely client-side and does not connect to any servers or
apps. Its output is encrypted base64 text, which you can copy and paste
into SMS if you like. Be aware, however, that an intercepted SMS will look
like what it is: encrypted stuff. If reprisals could come just from using
encryption, then don't use PassLok.

You should also be aware that other users of libTech believe that PassLok,
like every app written in javascript, is inherently insecure. I believe
that the same could be said of any compiled code, for that matter, but
that's a different debate.

I'm available for technical support if you need it.


On Tue, Aug 27, 2013 at 11:36 AM, Richard Brooks <rrb at acm.org> wrote:

> I have colleagues living in a small country, far, far
> away with a history of rigged elections who want to
> put in place a system for collecting information
> using SMS. The local government keeps shutting
> down the systems that they put in place.
>
> I think I understand their needs and wants. SMS is
> really not my strong point. If anyone with an understanding
> of SMS, SMS web interfaces, and/or related security issues
> would be willing to point me in the right direction
> (or discuss potential issues) I (and by extension
> they) would be grateful.
>
> The alternative is for me to dedicate my excess cycles
> to researching those issues from scratch, which sounds
> time consuming. They kind of need help in the near future.
>
> -Richard
> --
> Liberationtech is a public list whose archives are searchable on Google.
> Violations of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>



-- 
Francisco Ruiz
Associate Professor
MMAE department
Illinois Institute of Technology

PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok

get the PassLok privacy app at: http://passlok.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130829/1d99c8b6/attachment.html>

More information about the liberationtech mailing list