Channel Islands firm touts all-in-one secure comms app A British start-up has launched a fully encrypted communications platform for mobile devices that aims to challenge established apps such as FaceTime and Skype, and even heavily-touted privacy-engineered devices like the BlackPhone. Pryvate from Criptyque offers encrypted email, voice and video calls as well as secure instant …
This post has been deleted by its author
This post has been deleted by its author
I think you misunderstood that part about the AES 256-bit key.
The encryption keys that is employed by Criptyque-Pryvate is RSA 4096/ AES 256. The Diffie Hellman is used as the method of exchanging these cryptography keys for use in symmetric encryption algorithms.
This is particularly useful because you can use this technique to create an encryption key with someone, and then start encrypting your traffic with that key. And even if the traffic is recorded and later analyzed, there's absolutely no way to figure out what the key was, even though the exchanges that created it may have been visible
From my checks they use SRTP to encrypt the low level voice packets, and ZRTP is the protocol that the two parties use to negotiate the SRTP session key.
This post has been deleted by its author
Why do people continue to use AES-256, when it has been shown to be more susceptable to cryptanalysis than the 128 and 192 bit variants?
Because the attacks are completely impractical, and most customers who don't simply ignore the key size in the marketing materials will assume that bigger is better.
Since someone asked for links: the simplest explanation I know of is Schneier's.
Basically, here's the issue. The AES variants have larger keys and more rounds as the number (which is the size of the key, in bits) gets bigger. The size of the key determines the cost of a naive brute-force attack, so there bigger is better, but really even AES-128 is plenty big enough to defend against exhaustive search. Permitting larger keys is mostly a proleptic defense against future attacks that are better than brute force but still depend to some extent on the size of the key.
The problem is the AES key schedule, which turns out to be rubbish for larger keys. Consequently, in 2009, Biryukov et al showed that there are better-than-brute-force attacks against the larger variants.
So the best known attacks against AES-128 has a time complexity of 2128; for AES-192 it's 2176, and for AES-256 it's 2119. (Assuming no better attacks have been discovered in the last six years, which actually is a pretty dumb assumption, but I'm too lazy to go look right now.)
Note that 119 is less than 176 and even 128, so AES-256 is technically weaker than AES-128, if you can mount this attack (there are various requirements). And if AES-256 had only 10 rounds like AES-128, instead of 14, it would be breakable in practice.
As it is, 2119 is still completely infeasible. But 1980s_coder is right: using AES-256 for a new application, if you're not constrained by interoperability (as with some TLS suites, for example), is rather amateurish.
Criptyque is incorporated in Jersey in the Channel Islands because Jersey has its own independent government and legislature placing it outside the jurisdiction of the United Kingdom. This eradicates any possible request to have a backdoor built into the application and therefore providing our users with the utmost confidence in our independence from any government interference.
1 - the government rarely asks for a backdoor in the UK, that's more a US thing anyway.
2 - as far as I can tell, the Criptyque corporate address is not in Jersey, it is in the UK (unless someone moved Bristol while I wasn't watching), it matters not where the Secretary/Director (it's the same person) lives. Going back to point 1 above, it means UK laws apply. Even though they registered the domain for a Jersey location. In Denmark. If the company insists on using its location as an argument it needs to clean all of that up so there is one consistent jurisdiction to deal with.
3 - having code checked by a separate company is a good idea. Even if it is a Belgian one. Which uses a website in the US. Which has both Google Analytics and Google AdWords running. But it does seem to have some competence - Leuven Uni delivers to quite an impressive standard. I hope those reports will be accessible.
It's cute that they sing the "independence from government" song, but just saying it won't make it so. In conclusion, nice announcement, all the right noises, but needs more meat on the bones before it becomes more than a curiosity for early adopters. Is the market there? Oh yes. Can they hit it? Well, it's a me-too with nothing of a USP so it's luck of the draw really. I wish them luck - the more the merrier IMHO.
As far as I know, Bristol is moved on a regular basis. But it is possible I have been misinformed. That aside, I agree with you, putting yourself outside the jurisdiction of the United Kingdom can't work like that.
"Pryvate from Criptyque" - they should have used the "detunnelizer" on their marketing people first, that is the perfect name for a perfume.
So contradicting claims on website...
Exhibit 1 - "No servers in the middle, no record of communication" - (apart from the meta data of setting up the calls, who spoke to who etc. )
Exhibit 2 - "Anti-Blocking" - "Its principle is tunneling all SIP and RTP traffic through a single secure https connection up to a detunnelizer server. Our solution comprises:
A tunnel client library is integrated into the Pryvate™ client for iPhone or Android.
A tunnel server is deployed inside our network infrastructure. The tunnel server re-creates the SIP and RTP traffic from the data of each secure connection to the clients."
So no server in the middle except when there is...
Although thumbs-up for inventing "detunnelizer" as a new word....
So you have to pay £4'99 a month in order to be able to communicate with other people paying the same amount. The seventeen of them.
Don't now why, but after surfing their webpage the expression "a snowflake in hell" came to my mind.
They should be giving it for free -at least the Lite version- for the first few years, until they have a big customer base, a more tested (and subsequently improved) set of applications, and a big crowd of sympathizers. And a prize tag of £4.99 a month will be a total deterrent for 99.9% of their potential users.
Charge the user a monthly payment -after the test period- to £0.50 and see how hundreds of thousands of users purchase the app after the free period.
Better yet, give the Lite version for free for individual citizens, so the critical mass of users forces business to purchase the Enterprise versions at serious prices.
I can understand that they need the money badly after the effort of developing such a set of programs, but they should obtain financing elsewhere -e.g. Kickstarter, investors...-. That path would probably make them stupidly wealthy in a few years. And as a side effect, they would give encryption to the masses, at long last!
Please note that first of all the first month is free(no credit card required) and includes all functionality of the full product, if then after the free month you do not subscribe to the paid model you get the lite version for free and for life..
On the subject of price it is £4.49 not £4.99 as you state.
Cordially
They should be giving it for free -at least the Lite version- for the first few years, until they have a big customer base, a more tested (and subsequently improved) set of applications, and a big crowd of sympathizers. And a prize tag of £4.99 a month will be a total deterrent for 99.9% of their potential users.
Yes from a marketing perspective, absolutely not from a security perspective. I distrust ANYTHING that can be had for free, because a company cannot exist from air alone and I rather have them properly funded and do good work than having to cut corners to hit a price point and thus weaken the very quality they're trying to sell.
I think their 'first month free' is a better model. The truth is that running such a business without extra income from advertising and personal data sales is costly, and I rather see that reflected in the price. You have two options here: either you pay money, or you pay with personal data which is really not on for a security company.
"I think their 'first month free' is a better model. The truth is that running such a business without extra income from advertising and personal data sales is costly, and I rather see that reflected in the price. You have two options here: either you pay money, or you pay with personal data which is really not on for a security company."
But doesn't that present a competing problem: the need to have mass adoption to enforce a standard or you'll just fade into obscurity like every other standard to date? So that's why some say to loss-lead: pick up a critical mass of customers and use first, then slowly putting on a price tag to get the money back. Because for an app like this you need to hit BOTH ends of the scale: mass adoption AND profitability. Plus with a large customer base, you can get away with a lower per-customer charge since they'll add up.
But doesn't that present a competing problem: the need to have mass adoption to enforce a standard or you'll just fade into obscurity like every other standard to date?
Oh, I didn't disagree with you that that is a better model to spin up a customer base, but the biggest problem you have when doing that is that you still need to fund the business in the meantime.
Their main problem is that they're a me-too, there is nothing about this business we haven't seen elsewhere and with better funding. The result is that there is competition from day 1 and thus the exact pressure you must avoid in security: cost cutting.
As I said, I wish them luck. The market is large enough, but there is a veritable sea of competition out there and so far, they don't seem to do anything different.
The idea is that you are encrypting the communication data to be sent over a public channel.
So that your conversation is 'safe' because the tech required to decrypt the communication would require the budget of the NSA and a bit of time.
Here's a major problem.
You had better have a good data plan and always be near a wi-fi hotspot.
Telcos can drop data rates to 2G in high traffic areas... ( you can figure out the implications to that.)
And if you're on a public wi-fi, how secure is that?
There are better ways ... Read more secure ways to encrypt written traffic...
As to voice... Best use a land line if you are paranoid enough to consider this tech.
As you note, the idea is to be able to create a trusted connection in an untrusted medium.
You implication is that this is impossible because the mere presence of an untrusted medium means the ability to break into the trusted connection, as if anything you try gets routed to a secret working quantum computer or whatever.
The idea is that it shouldn't matter where you hold the conversation, and text chat is very lean on the bandwidth since I can speak for a fact IRC was still quite useable on a 28.8 dialup connection. So who cares if the ISP can intercept it? Who cares if a malicious hotspot can read it (BTW, ISPs can intercept landline communications, too, so that's not an out, either; heck by your logic NO channels can be trusted because we don't own any end to end)? It'll all be gibberish to them anyway.
No, I'm not saying it can't be done.
What I am saying is that what they are doing isn't 100% secure and that it will work using your data plan and not voice.
What I also said was that it would be very easy for the Telcos to drop your phone to 2G and that will kill your ability to use the app. (Try using data over a 2G connection... it doesn't work. Especially for a streaming app.)
What I also said was that its possible to go with a different tech and deliver more secure text communications that will work regardless of the data rates.
Pryvate makes use of 4096-bit encryption, with AES 256-bit key management and Diffie-Hellman key exchange
It does what now?
Someone above posted that it uses DH key exchange, 4096-bit RSA asymmetric encryption, and AES-256 symmetric encryption, which at least makes sense (even if, as also noted above, AES-256 is a dumb choice). What you wrote is nonsensical. AES-256 is a symmetric cipher and has nothing to do with "key management", and no sane person would use asymmetric encryption for bulk data transfer.
And, of course, a statement like "makes use of 4096-bit encryption" is nearly content-free anyway. A cryptosystem that doesn't specify the algorithms, protocols, key management strategy, side channel controls, etc, could be complete crap, even if the notional key lengths are enormous.
I think you misunderstood that part about the AES 256-bit key.
The encryption keys that is employed by Criptyque-Pryvate is RSA 4096/ AES 256. The Diffie Hellman is used as the method of exchanging these cryptography keys for use in symmetric encryption algorithms.
This is particularly useful because you can use this technique to create an encryption key with someone, and then start encrypting your traffic with that key. And even if the traffic is recorded and later analyzed, there's absolutely no way to figure out what the key was, even though the exchanges that created it may have been visible
From my checks they use SRTP to encrypt the low level voice packets, and ZRTP is the protocol that the two parties use to negotiate the SRTP session key.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
