* Posts by anon9045839452

18 posts • joined 25 Aug 2011

'Trust it': Results of Signal's first formal crypto analysis are in

anon9045839452

Re: Which one should I use!! -NONE-

I cant believe no one has recommended CHATSECURE yet!

-Open Source

-Runs on Android, iOS; (download from apple app store, F-Droid, Google Play, guardian project website and source code on github)

-awesome OTR protocol that has deniability with no digital signatures and perfect forward secrecy with strong 256 bit AES encryption

-Uses xmpp protocol so you can use one of any of the many public or private xmpp servers, or use facebooks or google servers to communicate, or use your own xmpp server

-compatible with other platforms that use xmpp and OTR such as pidgin (when plugin has been added), tor messenger, adium, Jitsi as well as others

-SUPPORTS TOR!

-SQLCipher for securing local device

It kinda kicks more ass on android than it does on iOS cuz it doesnt stay well connected to the other user compared to how awesome it works on android. Also i find the iOS device doesnt work with the built in tor feature. The Tor feature is buggy on iOS when connected to an android instance using tor.... but droid to droid both using tor seam to work great

its cross platform compatibility means that a PC or Mac user (or someone using a desktop *nix distro) can easily talk to someone using chatsecure by using tormessenger or pidgin with otr installed.

I dont use signal because i cant seam to install it on my ipod touch and iphone as it needs a newer version of iOS. I also dont think I trust it now that I have read some of the other comments in this thread. The dev of signal doesnt inspire confidence in the implementation of the crypto and a lot does appear to be media hype in the last few months.

The voice features that signal has are cool - as are other features it has. Chat secure has a "walkie talkie" kind of voice chat feature, even tho it doesnt explicitly advertize this. Im not sure how chat secure secures the audio, but signal uses zrtp which is cool.

I also dont particularly like that you cant choose where your data is routed with signal - it only supports using their servers. open whisper systems does not open source the server side of the signal service.

Signals centralized servers also store all public keys, provide key exchange, and hold the contact lists for its user base. I dont like this

Atleast with chat secure you can chose what servers you'd like to use. Signal apparently has servers in 10 countries to help handle its loads with the user having no control over what countries (and thus, jurisdictions) you end up mingling with.

With chatsecure you can allow only a connection through a public or private and optionally password protected and SSL encrypted xmpp server in whatever jurisdiction that you deem to be the the most secure in your particular situation and both clients can be using tor if you want.

If you dont find a server you trust, then you can even set up an xmpp server yourself using the software of your chosing, hardening the communication and server to your own level of comfort and nessesity you think you might need. Even set it up and password protect it, authenticate connecting users, wrap all communication in an extra layer of encryption and use a VPN in a country with a language barrior and with no jurisdiction, extradition treaty and on another contenent than the country you are in. All running on top of a tor hidden service. Signal users cant do that

Oh, and chatsecure allows you to create a one-time 'burner' user account if you think it might be necessary to use an account only once to communicate with some one

Chat secure also had a half brother at one point called textsecure. They were almost twins at the time, but textsecure allowed OTR over SMS... something that is no longer supported since signal took over the unofficial fork. too bad... OTR over SMS would be super handy to some people in some countries that dont have data and only have SMS....

Redphone is now Signal. This kind of sucks too because it worked on older versions of iOS and now some of my friends who have older apple hardware can no longer get redphone. Signals compatibility with only newer iOS versions have actually made it so LESS people can chat securely via SMS/textsecure and Redphone no longer being hosted by the appstore or google play - if you want it on an older version of iOS then too bad.

Tinfoil at says that it a conspiracy to slowly make it harder for more devices to be compatible with strong encryption - but more likely its just the app developers not even contemplating the effects of ignoring back compatibility with older OS software/hardware and its effect on the masses of non-techie users abilities to safely use strong crypto to protect their privacy

Im not saying OWS or signal or the devs of signal are bad, or are short sighted or are evil privacy hating NSA spooks... but if you want to donate to a secure app, support chatsecure. Its better in almost every way

https://chatsecure.org/

https://twitter.com/chatsecure

https://github.com/ChatSecure

https://www.facebook.com/chatsecure

https://itunes.apple.com/us/app/chatsecure

https://play.google.com/store/apps/details?id=info.guardianproject.otr.app.im

you can donate to chatsecure here: https://www.coinbase.com/checkouts/1cf35f00d722205726f50b940786c413

0
0

Pacemaker hack legend Barnaby Jack dies just before Black Hat revelations

anon9045839452
Unhappy

RIP to an amazing hacker

This is very, very sad news.

This man was one of the most amazing hackers on the planet. RIP Jack. Your antics will be missed

1
0

Skype denies system upgrade enables in-call spying

anon9045839452
Thumb Down

Re: This is simple to confirm

right here: http://cryptome.org/isp-spy/skype-spy.pdf

and here: http://cryptome.org/isp-spy/skype-log-spy.pdf

they've been doing it forever

2
1

Judge frees nude TSA protester, citing free speech rights

anon9045839452
Pint

bravo

while your body may not be that beautiful, your actions are!

Beer is on me!

20
1

Hubble spots ancient spiral galaxy that SHOULD NOT EXIST

anon9045839452
Trollface

Re: Hmmm...

You are right about Hogwarts: nothing to see except wizards.

0
0

China's internet wunderkind in the dock over alleged fraud

anon9045839452
FAIL

did you read the report?

It seams as if you have not

0
0

PGP founder, Navy SEALs uncloak encrypted comms biz

anon9045839452
Facepalm

I spoke with Phil on the phone a year or so ago...

about his zfone technology. We wanted his SDK to create an open source p2p VoIP program that would run on iOS and Android via wifi - this would allow for secure voice communication through later generation ipods and android devices that have microphone inputs and speaker outputs.

He was willing to give us an evaluation license of his SDK as long as we made it open source and/or made the program free of charge. He said if we at all charged for the product that we would have to buy his full developers license of the zfone sdk.

We decided that there were already some open source projects that we could use that were just as good, if not better than his zfone tech.

We never got the idea off the ground. It looks like he took a similar idea and made it profitable.

0
0

PFY vs Bearded 80s Netscape Bore: BOFH

anon9045839452
Thumb Up

WIN

this episode was so much win

0
1

Finally a use for quantum computers: Finding LOL-cats faster

anon9045839452
Black Helicopters

Re: Next-generation ciphers

what about plausibly deniable encryption? quantum computers cant find your hidden partitions... can it?

0
0

WHMCS under renewed DDoS blitz after patching systems

anon9045839452
Mushroom

Much Worse

Rumor on the underground is that this hack is devastatingly worse than they are letting on.

DBs, Web Root and Cpanel files are reported floating around in the wild.

0
0

Story withdrawn

anon9045839452
WTF?

Re: Ill make this quick. Title "how to stop viruses"

are you trolling, R16? Thats the stupidest response i've ever read, unless you're a troll.

2
0

Anonymous crashes Formula One site over Bahrain protests

anon9045839452
Pint

Re: Enjoy the Iron Bar Hotel

Yes. Absolutely.

1
5

Woz warns that patent palaver will stifle startups

anon9045839452
WTF?

Re: only half an article

Yeah, it covers my screen too.

WTF!

0
0

Megaupload boss: Site popular among US government users

anon9045839452
Thumb Up

Excellent PR

The Public relations of this incident is outstanding! Good Job Kim Dotcom (lol)

0
1

Microsoft tech turns any object into a touchscreen

anon9045839452
Go

6th sence

too bad MIT didnt come out with it sooner. M$ version of the tech looks quite bulky compared!

0
0

German cops hacked in revenge for dad spying on daughter

anon9045839452
Mushroom

A 23-year-old from was arrested last summer for hacking into German customs authority computer systems.

North Rhine Westphalia born and raised

On the interwebs was where I spent most of my days

Chillin' out haxin' relaxin' all cool

And all shootin some b-ball outside of school

When a cute lil of girl

She was up to no good

Startin making trouble in my neighborhood

I got in one little hax and my mom got scared

She said 'You're movin' with your auntie and uncle in Bel Air'

2
0

World's first Win 8 malware 'bootkit' to debut next week

anon9045839452
Stop

Misleading Article

"Peter Kleissner said Stoned Lite – as the latest version of his bootkit is called – doesn't bypass defenses that will be available to people using Windows 8 on newer machines."

This is inaccurate.

Also, it does not appear that it will be at malcon, but rather the European bitcoin conference that this will be presented at.

Mad propz Peter. You're work is so great that there are people trying to discredit your work. This shows that some one is scarred.

1
0

Vandal posts official's nude pic to protest cell shutdown

anon9045839452
FAIL

Your barn doesn't matter

1) People dont pay money for wifi service in your barn

2) The infrastructure is already in place for cellular service, turning it off is silly

3) What they did was pretty funny

Why are you so butthurt over this guy getting owned so bad?

2
5

Forums