
Newer uncrackable encryption for communication

OptionDork

Didn't see a thread so starting one about Perzo. Seems a way of communicating that even the company can't crack any communication using their technology. You can go to perzo.com and check out their services and seems still in beta mode.

Your messages on Perzo are encrypted and turned into a bunch of gibberish using a cryptographic key generated from characters within the messages themselves.

Don't think that Perzo has access to your conversations just because this is all happening on their infrastructure. If the NSA were to ask Perzo to retrieve a person's messages, all Perzo would be able to show them is a bunch of garbled text. It's designed in such a way that any third party, Perzo included, can't decode the messages.

"We can't see what you're doing. If you lose your password, it's practically impossible for us to retrieve it, and that's by design. And if the government asks us for our data, obviously we'll comply, but we have no way to help them make sense of the encrypted message."
 

babelfish

Member
Didn't see a thread so starting one about Perzo. Seems a way of communicating that even the company can't crack any communication using their technology. You can go to perzo.com and check out their services and seems still in beta mode.

It's a good start. I'm still looking at the whole ecosystem, and how primary key exchanges work. Got a nice test account to have fun with for now though ^_^
 
mr.shiva

creepy first post optiondork in & out of here in a flash huh. think I'll stick with wickr
 

supermanlives

Active member
Veteran
There is no hiding from the man. Don't believe for a minute they can't crack whatever they want if they want you bad enough.
 

Bababooey

Horse-toothed Jackass
Veteran
Well, any communication can be insecure if the person you're communicating with has been compromised.
But how's the encryption looking, babel? As good as advertised?
 

babelfish

Member
That's hard to say. Technically since i can't see the code and access the machines they could be running whatever they want. The core is that i wouldn't really trust anyone else's servers to do this sort of thing. the tradeoff being i need to build/config/maintain/secure my server(s) myself.

Assuming it does what they say it does, it sounds very very good. I've asked them for more details, not sure how much they can share or will share, but i'll keep you guys updated.
 

babelfish

Member
I would have used the word 'suspicious'.

Welcome to your government provided encryption program!

lol. I do suppose it's possible - this is why open source wins - many eyes to view that code. It can also mean they find flaws faster..

But, remember when everyone was on aim? When you wanted to talk PRIVATELY you did the 'direct chat'? It's a good idea to never trust a third party in any regard.

That being said, life is unmanageable without levels of trust. Like those root SSL certificates. So I, like you, have to trust that those smarter and wiser than me have looked for security holes and such. In some cases I feel they have - look at all the talk about tor and ssl lately. So, would I use Perzo to co-ordinate something critical - say I thought a rogue government agent was going to set me up or something and I'm trying to co-ordinate my defense strategy (yeah I know, never happen - GOD I HOPE) - then no way would I trust Perzo with it. If I'm trying to say something to my girlfriend? Probably.

Besides, I'm not convinced a man in the middle couldn't read an entire conversation (ignore the desire to insert their own data) given they had access to all the packets that were exchanged.

wikipedia - Man-in-the-middle_attack#Need_for_additional_transfer_over_a_secure_channel

Need for additional transfer over a secure channel:
All cryptographic systems that are secure against MITM attacks require an additional exchange or transmission of information over some kind of secure channel. Many key agreement methods have been developed, with different security requirements for the secure channel. Interlock Protocol attempts to address this.

Essentially, if we've not exchanged keys directly in person while being unobserved, AND if our respective data (computers, phones, emails, whatever we used to store the key) remains unaffected and secret over time, then we have NO expectation of privacy.

There are methods talked about where you exchange half the message from each side at a time, but this only ensures no third party can insert data (text, photos, whatever) into the message. This is the point of the CAs (certificate authorities): they take care of the main SSL authentication certs on the web, so they provide some signatures we can use to verify the authenticity of an SSL cert against the issuers. Some very complicated math is involved, but essentially it's just a way to validate the ID of the cert of the site. To get a cert that works like this, a site needs to go somewhere and purchase it. To do this, they must pass a verification check from the issuer.

Let's look at what we do to validate a site's certificate from an admin's point of view. One fast way is to go to http://www.digicert.com/help and toss in the URL to the site.

For fun I have done this with ICMAG. Passes with flying colors of course.

Here's the screenshot:
[Attached image: icmag.ssl.jpg]


So, we can see this ring or trail of trust. It goes down to the thawte primary cert, which is one of just a few on the internet. Basically, everyone in the world's browser trusts this cert.

So if you have the chance to exchange a key with someone, in private, you have a pre-shared secret which you can both encode the messages with - you with his and he with yours. This PLUS some secondary encryption (something that makes it hard if you don't capture all the packets - like perfect forward security) - this is now ready to be texted, im'd, skyped, emailed, whatever.

Just remember.. something you release online or share is most likely out there for life. Be safe when sharing, and may every day find you in good health.
 

mr.shiva

I would have used the word 'suspicious'.

Welcome to your government provided encryption program!


All the other supposed privacy programs I've looked at seem fairly sketch, weird privacy agreements etc. Nico Sell (wickr), seems to be the most credible of the bunch, plenty of articles about her before starting wickr. Most interesting security program I've seen since the early 90's pgp & Philip Zimmermann.
 

babelfish

Member
All the other supposed privacy programs I've looked at seem fairly sketch, weird privacy agreements etc. Nico Sell (wickr), seems to be the most credible of the bunch, plenty of articles about her before starting wickr. Most interesting security program I've seen since the early 90's pgp & Philip Zimmermann.

blow+jabber+otr+tor should do it..
or look at blow+silc
 

babelfish

Member
now if you could only do all that with a burner iPhone....

the key is having data not voice. data can do much more, since its not artificially limited as much as standard voice. this means you can actually have a chance to encrypt your convo, etc.

and i'm NOT bully on perzo. i'll be passing.

watch this:
https://blog.codecentric.de/en/2013/07/ssl-man-in-the-middle-no-thank-you/

then read this
http://tonyarcieri.com/imperfect-forward-secrecy-the-coming-cryptocalypse
http://arstechnica.com/security/2013/11/repeated-attacks-hijack-huge-chunks-of-internet-traffic-researchers-warn/
 

Bababooey

Horse-toothed Jackass
Veteran
Alright, so no Perzo.
So how do I set up: blow+jabber+otr+tor or look at blow+silc
on my burner smartphone?
 

supermanlives

Active member
Veteran
Anyone that thinks the powers that be is gonna let communications that they can't read, listen to freely flow is fucking crazy. They got backdoors for everything my friends and if I was in power I would be concentrating on the secure communications first. But go ahead and keep your head in the sand. If you're that big a target encryption ain't gonna help ya except with local piggies. If they really want ya you're screwed.
 

babelfish

Member
Anyone that thinks the powers that be is gonna let communications that they can't read, listen to freely flow is fucking crazy. They got backdoors for everything my friends and if I was in power I would be concentrating on the secure communications first. But go ahead and keep your head in the sand. If you're that big a target encryption ain't gonna help ya except with local piggies. If they really want ya you're screwed.

No, not everything. That statement is an overreach.
As far as secure communications goes, again I'm not certain it's really possible IF THEY CAPTURE ALL PACKETS. This is actually very expensive, and you would need to be an actual target. 99% of the time they will not be recording _Everything_. But they do have backdoors into most OS's - which means they can compromise the device rather than the entire connection - easier and cheaper. But firewalls and normal modern tools let us see many of these things, and right now independents are looking for a very wide range - now it's hard for them to hide their influence because of the range of people working on this. I doubt we will see 100% reveals, but we are getting closer to the truth. This is why I emphasize exchanging keys in person. If you were really paranoid you'd exchange lists of one time use keys - so the secret itself is changed each session and not ever transmitted.

whatcha think of bitwise babel?

http://www.bitwiseim.com/ ? i'll look at it. but most of the time the actual issue is the secure exchange of keys during the initialization of the connection between parties. if this is compromised actively then the rest is dust.
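
Added example, not written by any poster in this thread and not code from any product named here: it illustrates the point made in the posts above that a key exchange with nothing to authenticate it cannot notice substituted keys, while a secret exchanged in person (optionally a list of one-time keys) lets each side reject them. The group parameters `P` and `G` are toy values and every function name is an assumption made for the illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters for illustration only (not a vetted group).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def tag(psk, role, pub):
    """MAC a public value with the secret that was exchanged in person."""
    return hmac.new(psk, role + pub.to_bytes(32, "big"), hashlib.sha256).digest()

def session_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def handshake(psk=None, substituted=False):
    """Run one exchange; return (accepted, alice_key == bob_key).

    psk=None models an exchange with nothing to authenticate it.
    substituted=True models public values being replaced in transit.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    a_tag = tag(psk, b"A", a_pub) if psk else None
    b_tag = tag(psk, b"B", b_pub) if psk else None
    if substituted:
        _, m_pub = keypair()  # a value neither endpoint generated
        a_pub_seen, b_pub_seen = m_pub, m_pub
    else:
        a_pub_seen, b_pub_seen = a_pub, b_pub
    if psk:  # each side verifies the received tag against the received value
        ok = (hmac.compare_digest(a_tag, tag(psk, b"A", a_pub_seen)) and
              hmac.compare_digest(b_tag, tag(psk, b"B", b_pub_seen)))
        if not ok:
            return False, False
    return True, session_key(a_priv, b_pub_seen) == session_key(b_priv, a_pub_seen)

def next_session(one_time_keys, substituted=False):
    """Consume the next key from a list exchanged in person, then discard it."""
    return handshake(one_time_keys.pop(0), substituted)
```

A result of `(True, False)` is the case the thread worries about: both endpoints accept the exchange yet do not share a key with each other.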
 

supermanlives

Active member
Veteran
You never really know who owns what. If I was govmnt I would set up a software co or site and reap the rewards of the users' info. I don't trust those in power and they are always one step ahead in technology. I am small fish and ain't worried anyhow.
 

Bababooey

Horse-toothed Jackass
Veteran
. but most of the time the actual issue is the secure exchange of keys during the initialization of the connection between parties. if this is compromised actively then the rest is dust.

So basically any system that exchanges keys over the internet can be compromised by the govt-industrial powers that control the interwebs.
Are there any reliable encryption methods for voice/text?
 
BrnCow

Can you say thank you Bill Gates? Mshit has been backdooring for the government since Windows 3.1
 