2016-10-26

Sometimes you need to chat about something and can’t risk that information falling into the wrong hands. It could be sensitive company information or personal data.

Fortunately, you don’t need to install an encryption engine and can take advantage of several chat apps available. These apps are available as web based and mobile.

ChatCrypt

ChatCrypt performs a military-class AES-256 CTR encryption on chat messages, thus no one can read them except the participants who knows the same secret password. Unlike traditional so-called “secure chats” where only the connection is secured between the browser and the server, thus on server side all messages can be readed and logged in plain text format, ChatCrypt approaches the problem from a different perspective: it encrypts the messages itself before they leave the browser’s frontend utilizing the AES-256 algorithm in CTR mode with a secret password specified by the user.

With this simple, but unquestionably most effective solution decryption of any message is only possible with the knowledge of the passphrase given at the inital encryption stage. So there is no need to secure the connection, messages travels in their encrypted form inside the entire pipeline. On server side there is no known solution to break that cipher in a reasonable time, so the conversations remains private between the participants who joined a room with the same password.



ChatCrypt holds the encrypted form of the messages only temporarily in the server’s memory for less then 10 seconds, so there is no real chance to retrieve even the ciphered texts.

Most people think that if a website uses a HTTPS connection (especially with the green address bar) then their “typed-in” informations are transmitted and stored securely. This is only partially true. The transmission is encrypted well, so no third party can sniff those informations, but there is no proof that the website owners will handle them with maximum care, not mentioning that the suitable laws can enforce anyone to serve stored data for the local authorities.

Overall, this means that if anyone uses a chat service with similar security technology, the conversiation will be visible for the participants and (at least) for the website owners. That case is probably not acceptable in every situation, especially where mission critical informations have to be exchanged.

ChatCrypt’s unique encryption feature ensures that only and exclusively the participants of a room with a shared password are able to read each others messages. More precisely, anyone else who may acquires the conversation without the knowledge of the password won’t be able to decode it.

How Chatcrypt Works

ChatSecure

ChatSecure allows you to set a master password to keep prying eyes out of the chat app itself, supports WiFi Mesh Chat (chatting with others on the same local wireless or mesh network ─ no server required), and even enables you to create anonymous “burner” chat accounts. If you have to do anonymous chatting, and you’re behind a firewall, you can install the Orbot proxy tool, which will get you through. (Orbot is also required to create “burner” accounts.) With ChatSecure, two-way encryption can’t take place until a user has been verified (done through the app). Once verified, you can encrypt conversations and each sent message will indicate if it is encrypted or not.

Cryptocat

Cryptocat is free software with a simple mission: everyone should be able to chat with their friends in privacy. Cryptocat is a secure open source messaging extension for the Google Chrome browser. All messages are encrypted before they leave your computer, so there’s no concern that plain text is being sent and then encrypted on a third-party server.

With Cryptocat, you can do group chats, file sharing, connect to Facebook Messenger, and more. Cryptocat includes a built-in key generator, so you don’t have to worry about importing your own encryption keys. There’s one caveat to using Cryptocat: The person you’re chatting with must also be using Cryptocat — this goes with Facebook Messenger chats.

Open source. All Cryptocat software is published transparently.

Encrypted by default. Every message is encrypted, always.

Forward secure. Chats are safe even if your keys are stolen.

Multiple devices. Devices receive messages even when offline.

File sharing. Securely share files with friends.

How Cryptocat Works

Surespot Encrypted Messenger

Surespot Encrypted Messenger is an end-to-end symmetric encryption messaging tool (using 256-bit AES-GCM encryption) that creates keys using 521 bit ECDH shared secret derivation. It’s private — period. The best thing about Surespot is that all the privacy is built-in, so you won’t even notice the security layer.

Whereas SSL can be thought of as client to server encryption where the hops cannot access the plain text but the server can, end to end encryption encrypts the data so that only the end users can decipher it. No one along the network route the message takes from one client to another, not any of the hops, not even the surespot server, can view the contents of the data. Only user 1 and user 2.

Encryption is an electronic lock and key system. You take a plain text message and encrypt it using a key (secret). You can then decrypt the message using the same key. Pretty simple. You encrypt data at one end using the key, send it over all the network’s hops and servers, and at the other end it can be read because the key is known. None of the hops and servers in-between can read it because they don’t know the key.

Say user 1 encrypts a message for user 2 with a key, then user 2 decrypts it using the same key. Simple right, except for the fact that user 2 needs to know the key! Somehow we need to get the key to user 2 but how can we send it over the network? Surespot can’t encrypt it because we need a key to encrypt so we have a catch 22. Or a chicken and egg situation. The answer is Surespot don’t send the key over the network. Well not the key we’re using to encrypt the messages at least.

How Surespot Works

Tox

Tox is somewhat new to the world of secure chatting. It was created as a reaction to concerns of Skype’s privacy (or lack thereof). Tox uses dispersed networking and strong cryptography to create a secure (using NaCl crypto library) messaging system for everyone. Users are assigned a private and public key and connect to one another directly — no middleman or third party involved.



With Tox, you can do text, phone, and video, all secure. Tox is free, open source, and available on Linux, Windows, and Mac. Its interface is incredibly easy to use (anyone of any skill level can start using right away) and doesn’t require you to connect with your Facebook, Google, Twitter, or any other account.

Tox began a few years ago, in the wake of Edward Snowden’s leaks regarding NSA spying activity. The idea was to create an instant messaging protocol that ran without any kind of central servers. The system would be distributed, peer-to-peer, and encrypted end-to-end, with no way to disable any of the encryption features; at the same time, the protocol would be easily usable by the layperson with no practical knowledge of cryptography or distributed systems. Work began during the Summer of 2013 by a single anonymous developer (who continues, to this day, to remain anonymous). This lone developer put together a library implementing the Tox protocol. The library provides all of the messaging and encryption facilities, and is completely decoupled from any user-interface; for an end-user to make use of Tox, they need a Tox client. Fast-forward a few years to today, and there exist several independent Tox client projects, and the original Tox core library implementation is nearing completion (in terms of features). Tox (both core and clients) has thousands of users, hundreds of contributors, and the project shows no sign of slowing down. Recently, a group of some of the project’s major contributors have formed The Tox Project, an organization built around the protection, promotion, and advancement of Tox and its development.

How Tox Works

Originally posted 2012-07-27 17:33:00. Republished by Blog Post Promoter

The post Secure Chat Conversations appeared first on Information Technology Blog.

Show more