Moxie Marlinspike, the pseudonymous security researcher, cryptographer, and developer of the TextSecure and RedPhone privacy apps for Android, has devised a simple trick that iPhones can use to respond to another phone’s key requests even when the app is inactive. The technique relies on “prekeys” that are generated and sent to a server when TextSecure is first registered. When a separate TextSecure user wants to send a message, he’ll no longer have to wait for the other party to respond with her key. Instead the sender will be able to download her prekey and so the ephemeral key can be generated right away.
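The prekey flow described above, as an added sketch that is not TextSecure's code: the recipient uploads public prekeys at registration, and the sender later derives a session key without the recipient being online. The class and function names are hypothetical, a toy finite-field Diffie-Hellman stands in for the real key agreement, and the sketch assumes the server stores only the public half of each prekey.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration (NOT secure parameters).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def derive(priv, peer_pub):
    # Hash the shared DH value into a 32-byte session key.
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

class PrekeyServer:
    """Hypothetical directory: holds PUBLIC prekeys only, hands each out once."""
    def __init__(self):
        self.store = {}
    def upload(self, user, public_prekeys):
        self.store.setdefault(user, {}).update(public_prekeys)
    def fetch(self, user):
        prekey_id, pub = next(iter(self.store[user].items()))
        del self.store[user][prekey_id]  # one-time use
        return prekey_id, pub

class Device:
    def __init__(self, name):
        self.name = name
        self.private_prekeys = {}  # private halves never leave the device
    def register(self, server, count=3):
        publics = {}
        for prekey_id in range(count):
            self.private_prekeys[prekey_id], publics[prekey_id] = keypair()
        server.upload(self.name, publics)
    def start_session(self, server, peer):
        # Sender side: no round trip to the (possibly offline) recipient.
        prekey_id, peer_pub = server.fetch(peer)
        eph_priv, eph_pub = keypair()
        return derive(eph_priv, peer_pub), (prekey_id, eph_pub)
    def accept_session(self, header):
        # Recipient side, run whenever the app next wakes up.
        prekey_id, sender_eph_pub = header
        return derive(self.private_prekeys.pop(prekey_id), sender_eph_pub)

def demo():
    server, bob, alice = PrekeyServer(), Device("bob"), Device("alice")
    bob.register(server)
    alice_key, header = alice.start_session(server, "bob")
    return alice_key, bob.accept_session(header), len(server.store["bob"])
```

The sketch does not authenticate the fetched prekey, so the sender here has no way to tell whether the server handed out the key the recipient actually uploaded.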
I read about this a few days ago, but was holding off posting to see if anyone would shoot holes in this method. I have yet to see anyone complaining about it enough to warrant suspicion, but there are a couple things I really don’t like here:
- “the pseudonymous security researcher” — that doesn’t make me feel all warm and fuzzy about the developer, let alone trust this person.
- From what I can tell, your pregenerated keys sit on a remote server, are then fetched, and used to pair and encrypt the message. This is a neat trick, but my fear is that your keys could be compromised before you even get the message. So yes, it would be hard to go back and decrypt your old messages, but if the server that holds the keys is compromised then all of your new messages could be decrypted in real time (I would assume) and thus you need to trust the server your keys are on. Which brings me back to point one.
I regularly use Silent Circle and Wickr. Wickr is an odd beast that I have talked about before and the security of it is questionable due to the same server issue. I’ll take you back to this post where Matthew Green looks through secure messaging apps.
Green can’t even weigh in on Wickr, which is concerning. He is in awe of the code for TextSecure (I wasn’t using the pre-key method at the time of Green’s writing), and as for Silent Circle they have been independently audited at a code level and nothing sounds any alarms. TextSecure seems to actually be secure.
I personally think the best bet is Silent Circle for these reasons:
- They shut down their email service preemptively instead of having any of their users' privacy violated — they did so on the notion that they may be forced to turn over everything instead of waiting to be forced into it.
- I know who they are (not personally). Using your real names, establishing a real company, and showing your credentials goes a long way to establish trust with me.
- They claim the message keys are stored on the device, never leave the device, and are not on any servers.
For those reasons I am sticking with Silent Circle to talk to, uh, myself with — man I wish more people took this seriously enough to get accounts on these services. Ultimately, I think TextSecure will stand a good chance because it will be free and secure-ish.