22 comments

[ 7.3 ms ] story [ 58.1 ms ] thread
I assume this was posted now because of this:

> Date: received 31 Oct 2014, last revised 5 Apr 2016

Also because the protocol discussed, now known as Signal, as been announced to have been implemented in WhatsApp yesterday.
(comment deleted)
Seems pretty good overall. The only primary bullet point to "fail" was here:

>In conclusion, TEXTSECURE only achieves deniability theoretically. Content deniability is provided due to our security proof but we can not prove that no delivery request will be recorded at the TEXTSECURE server.

Ah this is a good point, if the server records the exact direction of messages, then deniability goes down the toilet.
I would like to see a tool, perhaps even a companion app, that does this HMAC gymnastics to prior discussions to make deniability actually plausible instead of just theoretically plausible.

"Your honor, the defendant is clearly not Moxie Marlinspike. She said these things." "Objection! My grandmother can use Axylnotly to forge previous discussion and she is also not Moxie Marlinspike." " ... sustained."

This thing is not good, and I strongly recommend against making decisions based on it.
Elaborate please? (I'm not as well versed in security as I would like.)
Here's a quote from a post I enjoyed (https://www.elttam.com.au/blog/a-review-of-the-eff-secure-me...):

> This type of score card drastically simplifies the problem domain, and leads one to question what the tradeoffs are when installing an application from the list. While the advocacy of privacy based communication is something we love to see reach a mainstream audience, we believe the scorecard misses many considerations and metrics that are critical to the discussion.

To quote myself:

> The EFF score card is an embarrassment which is essentially equivalent to one of those "comparison table of our competitors" on a SaaS website. That's a good analogy for it, because it uses the same questionable metrics and even more questionable ranking system that one of those tables would use. The score card gives Signal the same ranking as Cryptocat - that's an instant negative result for its usefulness.

I agree. I particularly like your emphasis in last discussion on fact that they "buried PGP." PGP and then GPG have a long history of working against most powerful of the nation-state hackers. The Snowden leaks feature NSA smashing almost everything except for a rare few you can count on one hand IIRC. One of those is GPG. "NSA-proof in 2013" should get put next to its name on top of list, bolded, highlighted, etc.

Curious, what do you think of the worth of a LibreSSL-style effort to clean up GPG's proven code and build better interfaces for integrating it into other apps? Of course, to be done in parallel with development of things like Signal that will get more adoption.

I've expended 0 effort to find the answer to this myself, but I wonder if this is based on the OTR protocol, and if not, why not.
The TextSecure protocol is now named the "Signal Protocol"; it's developed by Open Whisper Systems. It is the protocol used by the Signal app on Android and iPhone, and as of this week, also used by WhatsApp.

Here is an older post where the authors of the protocol explain why not OTR: https://whispersystems.org/blog/advanced-ratcheting/

The main takeaway: text messaging, unlike traditional instant messaging, is primarily asynchronous with long-lived sessions, where traditional instant messaging is primarily synchronous with short-lived sessions.

The protocol used to be called Axolotl, if you want to search for older discussions and research on it.
The crypto primitives they use are called Axolotl as a group. Axolotl is to signal what RSA is to TLS.
The Axolotl construction was invented for Signal Protocol, which was itself originally called "Axolotl".
Do you happen to know whether this is the same protocol used in SMSSecure? I know it is a fork of TextSecure but am not clear on whether TextSecure changed their protocol after the fork in the process of becoming Signal.
It's the same. TextSecure called it "Axolotl", but the "Signal protocol" appears to just be a branding change.
> Furthermore, we formally prove that - if key registration is assumed to be secure - TextSecure's push messaging can indeed achieve most of the claimed security goals.
The mayor issue IMHO is the dependency to Google Cloud Messenger as the only available push notification system for android devices and its dependency to Google Play store. I believe an actor as powerfull as Google can detect paterns and learn from the notifications it handles even if the text is encrypted.