GCHQ’s not-so-smart idea to spy on encrypted messaging apps is branded ‘absolute madness’ November 30, 2018 https://techcrunch.com/2018/11/30/g...d-messaging-apps-is-branded-absolute-madness/
That will sure suck for normal people who aren't doing any crime, but then again there'll be no reason for the government to spy on normal people, after all the purpose is to catch criminals. And smart criminals can easily encrypt their messages with their own algorithm. Like, each letter becomes the letter 25 positions after it, and thus the messages look random to anyone who doesn't know the pattern. Ofc, the pattern can be more complex. So really, this will only be useful for catching stupid criminals, not the smart ones. The latter can simply message each other without using the app's encryption but their own encryption that only they know.
They can't do that in P2P mode, right? Because they're not involved. Unless the app itself is backdoored. But that'd be pretty easy to detect, so it'd be risky.
Pretty much pure nonsense. One of the most difficult things to do is roll your own crypto, that's why experts tell you not to do it. Use current crypto algorithms or you're opening yourself up for a world of pain. Criminals do not use their own cryptography, lol. Perhaps what you meant to say was create their own app? This is a lot easier today when you can easily set up your own WebRTC platform.
I don't have a huge understanding of this topic, but it doesn't take a genius to convert a letter to the one 25 letters after it, if that's what you mean by "roll your own crypto". And ofc that is just an exemplary pattern, a very simple one that would be easily brute-forced, but you get what I mean.
You're talking about end-to-end encryption, I think. As others note, custom crypto (and/or security by obscurity) is generally a bad idea.
https://crypto.stackexchange.com/questions/43272/why-is-writing-your-own-encryption-discouraged https://crypto.stackexchange.com/questions/58876/rolling-your-own-crypto https://security.stackexchange.com/questions/185078/rolling-your-own-crypto
Unbreakable crypto, in 5 minutes. Super-simple Code: https://blog.xrds.acm.org/2012/08/unbreakable-cryptography-in-5-minutes/ Simple XOR operation, with truly random key. Example ciphertext: GUIXVHULEBAMFGF Of course, that still does not solve the problem of securely passing the keys...
I should also have added that there isn't even a NEED for them to roll their own crypto. The original article is about "who runs the servers" not the crypto. So like I stated earlier: The simplest thing to do is roll your own app using webrtc (basically all communication apps today use webrtc). If they control the servers, the originally-posted-issue is invalidated.
Yeah, it's a one-time pad. So maybe not very practical for instant messaging or similar applications (?) But this is just to show that you don't need to be a high math crypto geek to implement encryption. When I read all the news about how this and that agency or government wants to ban encryption, I get this funny feeling that they think it's something new that has just been invented. Heck, there were primitive ciphers even before Enigma.
Well, there's that old Illuminati (aka cataract surgeons) document that resisted decryption for decades. It was basically just a substitution cipher, as I recall.
Hmmm... Interesting, I have to dig up some more info about that. I just love digging into history stuff. And especially when you find things that were invented a long time ago and can still resist the test of time (that Vernam cipher for example was invented before WWII).
I'm not aware of any mobile communications app that doesn't use WebRTC today. It is really easy to implement thanks to Chromium embedded. It's a good thing, you now know they don't use some crappy voice implementation. On the desktop, apps like Wire, Discord, Skype, etc all use WebRTC, usually via Electron (Chromium). WebRTC has created a simple standard for voice/text/data exchange, so successful you see apps like WebTorrent now using it, which you can argue is superior to standard torrenting thanks to the superior encryption mandated by WebRTC. I would also assume (although I have not verified) that it would provide you extra anonymity. Torrent data is easy to identify, but you can't tell what people are sending each other via a WebRTC transmission.
GCHQ wants to be added to your chat groups, but won't even have the decency to contribute GIFs February 4, 2019 https://www.theinquirer.net/inquire...wont-even-have-the-decency-to-contribute-gifs