CrypTweet: Strong Encryption for Twitter DMs
It's been a while in the making, but this is well worth some attention.
I've been lucky enough to be an early tester on CrypTweet - http://plexusproject.org/ - a public-key based method for encryption of Twitter DMs.
A base version is now available on the site linked above. It works nicely out of the box, but is kind of raw - minimal functional set, and all that.
For anyone interested in this kind of thing, for any number of reasons, may I (mis)quote that great Australian music commentator, Ian "Molly" Meldrum, and suggest you do yourself a favor by checking CrypTweet out.
trib -- @trib about.me/trib
23 comments
[ 0.24 ms ] story [ 80.4 ms ] threadFor the children.
It's understandable that you have a personal obligation to defend your friend, but it really isn't necessary. Sit back, relax, and allow the author to reflect on the constructive feedback here.
Just copy and paste a PGP encrypted message to pastebin.ca and and tweet the link, if you must.
1) You are in imminent danger of being "shot in the face" or similarly harmed;
2) Your best means of salvation from (1) is communication via Twitter DM;
3) The absence of a means in which your message could be encrypted on the client side beyond the HTTPS connection to Twitter's servers would significantly increase the chance of (1).
This is a serious question.
2) environments where "your survival depends on efficiently communicating and organising" tend to ignore habeus corpus and standards of evidence. Realistically, your survival depends on external factors (your side winning) rather than hoping you and everyone you've been communicating with can withstand torture indefinitely.
2b) digitally signing a message reduces plausible deniability
Ofcourse it'd be great if twitter did the job for you, but I don't necessarily see why it ought to be Twitters position to fulfill this edge case rather than say a protester who knows they are about to go into a life threatening scenario and need to organize--both beforehand and during the escapade.
- Stores private key by: a) SHA384-ing your passphrase, and choosing a sub-sequence of the output depending on one bit of the output (this is poor for brute-force resistance compared to PB-KDF2), b) DES3 in CBC mode with a fixed IV and PKCS5 padding (insecure for CCA2 and providing no authenticity. This is vulnerable to recovery using the padding oracle attack).
- Messages are encrypted with RSA-PKCS1.5 in signing mode (in other words, RSASSA-PKCS1-v1_5, not RSAES-PKCS1-v1_5). That means messages are trivially recoverable through KPA.
So: don't use this for anything other than a toy. The crypto is misdesigned.
http://cryptwit.com
You can see an example here:
http://cryptwit.com/decrypt
Enter "yickster", then passphrase "hackernews"
You still need to solve the problem of distributing public keys in a way that both parties can be sure they're receiving and sending messages from the correct entity. Do you trust all of the certification authorities that are automatically trusted in standard browser or operating system distributions? If not, how do you communicate public keys securely between two or more parties?
And how do you distribute the application and ensure that users aren't tricked into using a modified/backdoored version?
How do you ensure that users aren't tricked via a phishing attack into inadvertently handing over keys, downloading software from the attacker or otherwise compromising their own security?
If one party to a conversation is compromised, do you care if the identities and messages from other parties to the conversation become compromised as a flow-on effect?
How do you ensure that parties to a conversation are receiving all the messages sent -- is an adversary blocking random messages? Is an adversary reordering the delivery of messages to change the overall meaning of the conversation?
Have you carefully considered the implications of replay attacks?
Do you care if the system is leaking important side channel information such as the frequency of communication and time between responses?
Have you considered what users will resort to in the event that their communication method is deliberately denied? Will users fall back to a weaker method of communication? Will users tend to perform a Google search that returns a maliciously placed help/reference page that executes malware on their system?
Does the system have a means for users to expose the presence of an adversary that has compromised the system?
Algorithm implementations are just a minor (but still highly important) aspect of a full crypto system implementation.