Enhances Secrecy Of Text Messages

posted by outlawq8 comment: 0


A security researcher has developed a technique that could significantly improve the secrecy of text messages sent in near real time on iPhones. The technique, which will debut in September in an iOS app called TextSecure, will also be folded into a currently available Android app by the same name.

TextSecure encrypts your text messages over the air and on your phone. It’s almost identical to the normal text messaging application, and is just as easy to use.

TextSecure Provides:

★ A secure and private replacement for the default text messaging app.

★ All messages are encrypted locally, so if your phone is lost or stolen, your messages will be safe.

★ Messages to other TextSecure users are encrypted over the air, protecting your communication in transit.

★ TextSecure is Free and Open Source, enabling anyone to verify its security by auditing the code.

TextSecure is the only Android private SMS/MMS messenger replacement that uses open source peer-reviewed cryptographic protocols to keep your messages safe. Rather than simply pretending to hide your texts by putting them in another place, TextSecure uses cryptography to ensure that they remain truly secure.

Unfortunately, this level of cryptographic protection isn’t universal. It’s not available in most encrypted e-mail programs, since all messages sent to a specific person are decrypted using a single private key. This limitation is largely unavoidable with e-mail and other so-called asynchronous messaging systems, which are designed to send and receive dispatches even when the other party is offline. E-mail and SMS texting services usually work around this problem by temporarily storing a message on a third-party server until the recipient is available to receive it.

To do perfect forward secrecy correctly, both parties must be available in near real time so they can swap random bits of data on the fly that will be used to negotiate and ultimately generate the temporary keys. In effect, the party initiating a conversation first must send a preamble in the background alerting the other party’s device of the intention to send an encrypted message and provide an ephemeral public key. The recipient’s device takes that key and sends an ephemeral key of its own back to the original sender. Only then can the session receive the assurance that it’s protected by truly strong secrecy.

Leave a Reply