Hacker 10 – Security Hacker

Tag: encrypted Instant Messenger

  • Secure chat communications suite GoldBug

    Secure chat communications suite GoldBug

    GoldBug is an open source secure Instant Messenger with cascade encryption, a way to secure your messages using multiple ciphers, also known as multiencryption. The program main features are encrypted groupchat, sending of encryption keys encrypting them, end to end encryption, public IRC channels with encryption, integrated BitMail, chat over Tor, forward secrecy, sending of random fake messages to confuse eavesdroppers, authenticated chat and many others.

    This program constitutes a full suite of chat utilities using encryption with the advantage that you will be able to interact with your friends in multiple different ways without having to install new software, and the disadvantage being that so many buttons and technical terms can be confusing.

    Encrypted Instant Messenger GoldBug
    Encrypted Instant Messenger GoldBug

    Documentation is clear and comprehensive, you can read every single feature detail in GodlBug website or download a .pdf help manual. GoldBug interface is fairly workable, with tabs quickly switching in between features, one click takes you to the IRC chat window and another click to the StarBeam filesharing and another click to the Instant Messenger chat.

    After installation you will be asked to create a username and password with a minimum of 16 characters before generating the public encryption keys. GoldBug uses end to tend encryption with multiple layers implementing trusted open source cryptology like GnuPG and OpenSSL, you can set your own encryption components with RSA, EL Gamal and DSA, customizing key size, cipher, hash and iteration. Tailored integrals that should not significantly increase your security level, but nice to have anyway, the more security variables, the more an attacker will need to fingerprint you before launching an attack on the scheme you are using.

    This program looks and security resembles my previously reviewed FireFloo Communicator, both programs appear to share part of the code but GoldBug has many more elements like the IRC chat, Tor and file sharing, and it is fully documented, I liked it much more because of this.

    I liked that the messenger is open source and it adopts known encryption algorithms and technologies. I would feel reasonably safe behind this program, favouring it over others because third party data retention is not possible in GoldBug as there is no central server and all of the different ways it has to securely communicate with each other peer to peer, it comes out as a well thought messenger.

    I wish other developers would stress user documentation as much as GoldBug has done, this is a first class secure communications program.

    Visit GoldBug IM homepage

  • OpenPGP encrypted Instant Messenger SafetyJabber

    OpenPGP encrypted Instant Messenger SafetyJabber

    SafetyJabber is a Jabber instant messenger with integrated encryption for Windows, Mac OS, iOS and Android. The messenger uses the XMPP transmission control protocol (TCP), an open standard developed by the Jabber open source community and compatible with any other of the bountiful IM clients supporting XMPP, this includes Google Talk, Jitsi, Pidgin, Trillian and Gibberbot, but not ICQ, Yahoo Messenger or Skype.

    After the installation you will be asked to create a new PGP keypair or to import your own, key length can be up to 2048 bit and the encryption keys password is optional. If you are familiar with PGP encryption everything will be intuitive, otherwise you can watch one of the video tutorials in the developer’s site or read the included help manual with screenshots, there is a user support forum too but everything appears to be in Russian.

    Before you can start chatting you will need to create a Jabber account first in any Jabber public server, a list can be found with a quick Internet search. Once you have registered for an account enter the given server settings in Accounts>Add, specifying to encrypt the connection with SSL or StartTLS, those details should be given to you during registration. The Advanced Setings button allows you to enter proxy details to connect to the server, this will hide your real computer IP from the Jabber server.

    Encryption OpenPGP messenger SafetyJabber
    Encryption OpenPGP messenger SafetyJabber

    The premium version version of this program removes an advertising banner, allows for bigger encryption keys of up to 4096 bit, comes with a portable version and a screensaver utility with hotkeys to lock your computer while you are away and to quickly shut it down during an emergency using the hotkey. The program features are simple but enough for all one needs, you get notified when contacts come online, conversations can be logged and there are smilies and a system tray icon with sound notifications, all of this can be configured within the settings. You can download SafetyJabber source code from the official website, checking that there is no backdoor and freely modify the code to add anything you want were you to have the skills for that.

    The most appealing thing from SafetyJabber for me is that you can look at the source code, very important for a security product, and they use an encryption standard like OpenPGP. This messenger will make sure that nobody can read the IM conversations with your friends, the private encryption keys always remain in your power and are not stored anywhere else, the only downside is that if you would like to send encrypted files you will have to pay for the premium version.

    Visit SafetyJabber homepage

  • DeOps, a secure decentralized Instant Messenger

    DeOps, a secure decentralized Instant Messenger

    DeOps, Decentralized Operations, is a Windows P2P instant messenger for secure file sharing and chatting, unlike Windows Live Messenger or Yahoo! Messenger there is no central registration server where to recover data from, all of the settings are locally stored in your computer, communications are P2P and ports are chosen at random to avoid traffic fingerprinting. The messenger, a small 3MB download, doesn’t have to be installed,it can be run from inside a USB thumbdrive or encrypted container, copying the profile there will move all of your settings along the way. I noticed that Windows Firewall blocked me when I launched the application asking for confirmation that I wanted to grant Internet access to DeOps this means that in guest computers you might need administrator rights.

    After launching DeOps you can create a global ID and secret passphrase for your organization, DeOps calls every separate P2P network an “organization“, each one of them can contain multiple chatrooms and groups. A deops:// link composed of a long alphanumeric string will be created for your group, you can copy it to the clipboard and share it publicly or in private with prospective members, to join your new darknet people will need to know the passphrase together with the link, the passphrase can easily be changed by the group founder in the settings.

    If you want to join an existing organization open a .dop DeOps Identity file or copy and paste a deops:// link inside the Join Organization window.

    Decentralized P2P IM DeOps
    Decentralized P2P IM DeOps

    To add buddies to your IM list copy and paste their personal deops:// link  inside the add window, to share files with everyone in the group place them inside “My Shared Files” area where they can be marked as public to be found by anyone using DeOps or private to be shared with darknet friends only, it is possible to copy and paste into websites a unique deops:// link of each file to be downloaded by other people using the same P2P messenger, the files you are sharing will only be available while you are online, file transfers are automatically swarmed (multi-sourced) when multiple people are downloading the same file.

    DeOps organization types

    • Public: Anyone can join by entering deops://orgname
    • Private: Only those invited can join, utilizes the lookup network to aid in finding new members.
    • Secret: Same as private except the look up network is not utilized. Best for large networks and LANs.

    You can find the usual IM settings like ignoring people in the network or set your status to Available, Away or Invisible, advanced options have diagnostics to automatically configure your router opening the necessary ports, successful network connection is displayed with a green bar. The tools section includes a bandwidth graph, crawler, lookup, file transfer status, technical logs (called Internals), data packets details and a searcher to find users and organizations that have chosen to go public, the help manual is very basic and has not been finished yet.

    The software includes a DeOps Internet simulator able to create dummy users and networks for troubleshooting, I did not experience any kind of problem and had everything set up in under 5 minutes. The weak spot of this software is that you are not anonymous, no measures are taken to hide your IP from other users, if someone you are communicating with is not who you think they are (infiltration, kidnapping), your real identity would be compromised.

     Visit DeOps homepage

    Note: This software development is on-going.

  • Retroshare P2P encrypted chat and filesharing

    Retroshare P2P encrypted chat and filesharing

    Retroshare is a decentralized open source friend-to-friend (F2F) Instant Messenger tool with group file haring capabilities and encryption, friends need to be invited before they are able to take part in the chat, you can create a group chat using a friends list, in group chats a forum can be used to distribute files in between acquaintances, the files are distributed in a multihop swarm system, even if one person goes offline, the files are still available as they can be downloaded from more than one source in parallel.

    It is possible to post links on a public chatroom, the links are on the form of “retroshare://” and whoever clicks on them will need to have the software installed for them to work, this is an ideal program to securely transfer files in between friends with no central server keeping logs and your private encryption key kept in your hard disk with no possibility of leaking it out. Authentication is done using GnuPG encryption keys (GPG4Win is included in the Windows installer), connection is through SSH and OpenSSL is used for end to end encryption.

    Retroshare encrypted chat and file sharing
    Retroshare encrypted chat and file sharing

    Upload and download speeds will depend on the user’s available bandwidth, file sizes of more than 2GB are supported, a private friend to friend network like Retroshare solves the problem of strangers reporting on controversial files being shared but friends IPs are still visible and if someone steals a members identity the whole network will fall, due to its multiphop nature the original uploader might hide his computer’s IP from the person downloading from him but other people IPs sharing that file in the network will be visble, leading to the original source following them, disabling IP/certificate exchange services improves anonymity.

    You can use Retroshare with a Virtual Private Network (VPN) to hide your real IP and improve your network anonymity, as VPNs are known to keep logs for a shorter time than ISPs do, there are no VPN incompatibilities of any kind, the software is available for Windows, Linux and MAC.

    Visit Retroshare homepage