Even exchanging SMS messages with someone who doesn't use TextSecure, there is some benefit - you still get locally encrypted storage of all SMS messages on your phone. That means (as long as you have set your passphrase timeout appropriately and such) that if your phone is seized by police / your nosy sibling, they will not have access to all your stored conversations.
Good point, though if the police want your SMS messages, they'll just ask your carrier for them (yep, they're stored for quite a while).
In the event your receiving party isn't on CM or using TextSecure, the implementation will silently fall back to a normal SMS message (unencrypted).
This of course opens the question of whether it's possible for a third party to make it look like the recipient isn't using encryption, to remove the benefit by forcing the fallback.
Piggy-backing on the FreeBSD post: Does it use a hardware based random number generator?
Absolutely right - it's some protection, but not strong.
In at least some jurisdictions, arresting officers can look through a cellphone without a warrant, if there's no password lock on it. Where the arrestee has taken some measures to protect their privacy, that needs a warrant, the same as requesting texts from the carrier (again - depending on jurisdiction).
So, in this case, it might raise the protection to the level of requiring a warrant.
Once you've established encrypted communication, I don't think it is possible to force a fallback without the sender's approval.
I think it's smarter than you give it credit for… but it almost doesn't matter at this stage. Consumer crypto fails because it's really hard to get people to use it, not because advanced attackers subvert it. If the defaults are too weak they can be adjusted later… but if this app doesn't fail silently, it will be a hassle to use and I will disable it.
They'll give you fifteen years if you don't fork over the password here, like.
I'm not quite sure what you mean - I've used the app for over a year; it's not hard to use and only gotten better with time.
Also, what do you mean by "smarter than you give it credit for"? If an attacker can force the app to send plaintext when the sender means to encrypt, there's no way of spinning that as "smart".
This is already doable with 3rd party apps across all platforms.
https://guardianproject.info/apps/chatsecure/
WORKS ON EVERY PLATFORM: Android with ChatSecure, iPhone with ChatSecure, Mac with Adium, Linux with Jitsi, Windows with Pidgin, and more!
https://play.google.com/store/apps/details?id=info.guardianproject.otr.app.im
If you run it with Orbot (Android Tor proxy) you're as anonymised as you can be.
https://play.google.com/store/apps/details?id=org.torproject.android&hl=en