Hacker 10 – Security Hacker

Tag: secure instant messenger

  • Open source P2P EMP encrypted messaging

    Open source P2P EMP encrypted messaging

    Recently released for testing, EMP, is a multi-platform P2P open source messaging system with encryption. There is no central server, everything runs in your computer and the technology is similar to that of Bitmessage.

    EMP has a clean tabbed interface that opens in your Internet browser, the toolbar address is http://localhost:8080 (yourmachine:port), you will see tabs named Inbox, Outbox, Sent, MyAddresses. The Inbox tab contains a list of the messages you have sent with the timestamp and the cryptic EMP receiving address with a Status column indicating if the message has been read.

    EMP Encrypted Messaging Protocol
    EMP Encrypted Messaging Protocol

    I downloaded the Windows version of EMP in Windows Vista and I was only able to install it after right clicking on the program and running it as administrator, then you click on the desktop shortcut and your Internet browser launches asking you to enter username and password RPC credentials that “should be located” in ~/.config/emp/msg.conf .

    The notice seems tailored to Linux users, after tinkering around Windows the real place where I found the msg.conf  file was inside Program Files (x86)/EMP and editing it with Notepad shows “user = “rpcUser” pass = “rpcPass”. Another thing is that you will have to remove the software from your computer manually, I could not see any EMP uninstall in Windows control panel, if you want to delete this program from your computer go to /Program Files (x86) and erase the full EMP folder.

    The main difference in between EMP and Bitmessage appears to be that EMP has been built for performance, the client has been written with Go, also called golang, a programming language designed for simplicity and EMP purges the network of read messages, EMP is also modular, it can be embedded with other applications as part of a communication suite. Bitmessage has on its favour that they hide metadata, I can’t tell if EMP also does it, at the moment they have no documentation.

    Security wise, AES256 is used for encryption and being open source means that others can review the code to find bugs, it don’t think is a bad platform but I can’t recognize any substantial reason why an average person would want to switch from Bitmessage to this new platform.

    Visit Encrypted Messaging Protocol

  • OpenPGP encrypted Instant Messenger SafetyJabber

    OpenPGP encrypted Instant Messenger SafetyJabber

    SafetyJabber is a Jabber instant messenger with integrated encryption for Windows, Mac OS, iOS and Android. The messenger uses the XMPP transmission control protocol (TCP), an open standard developed by the Jabber open source community and compatible with any other of the bountiful IM clients supporting XMPP, this includes Google Talk, Jitsi, Pidgin, Trillian and Gibberbot, but not ICQ, Yahoo Messenger or Skype.

    After the installation you will be asked to create a new PGP keypair or to import your own, key length can be up to 2048 bit and the encryption keys password is optional. If you are familiar with PGP encryption everything will be intuitive, otherwise you can watch one of the video tutorials in the developer’s site or read the included help manual with screenshots, there is a user support forum too but everything appears to be in Russian.

    Before you can start chatting you will need to create a Jabber account first in any Jabber public server, a list can be found with a quick Internet search. Once you have registered for an account enter the given server settings in Accounts>Add, specifying to encrypt the connection with SSL or StartTLS, those details should be given to you during registration. The Advanced Setings button allows you to enter proxy details to connect to the server, this will hide your real computer IP from the Jabber server.

    Encryption OpenPGP messenger SafetyJabber
    Encryption OpenPGP messenger SafetyJabber

    The premium version version of this program removes an advertising banner, allows for bigger encryption keys of up to 4096 bit, comes with a portable version and a screensaver utility with hotkeys to lock your computer while you are away and to quickly shut it down during an emergency using the hotkey. The program features are simple but enough for all one needs, you get notified when contacts come online, conversations can be logged and there are smilies and a system tray icon with sound notifications, all of this can be configured within the settings. You can download SafetyJabber source code from the official website, checking that there is no backdoor and freely modify the code to add anything you want were you to have the skills for that.

    The most appealing thing from SafetyJabber for me is that you can look at the source code, very important for a security product, and they use an encryption standard like OpenPGP. This messenger will make sure that nobody can read the IM conversations with your friends, the private encryption keys always remain in your power and are not stored anywhere else, the only downside is that if you would like to send encrypted files you will have to pay for the premium version.

    Visit SafetyJabber homepage

  • Retroshare P2P encrypted chat and filesharing

    Retroshare P2P encrypted chat and filesharing

    Retroshare is a decentralized open source friend-to-friend (F2F) Instant Messenger tool with group file haring capabilities and encryption, friends need to be invited before they are able to take part in the chat, you can create a group chat using a friends list, in group chats a forum can be used to distribute files in between acquaintances, the files are distributed in a multihop swarm system, even if one person goes offline, the files are still available as they can be downloaded from more than one source in parallel.

    It is possible to post links on a public chatroom, the links are on the form of “retroshare://” and whoever clicks on them will need to have the software installed for them to work, this is an ideal program to securely transfer files in between friends with no central server keeping logs and your private encryption key kept in your hard disk with no possibility of leaking it out. Authentication is done using GnuPG encryption keys (GPG4Win is included in the Windows installer), connection is through SSH and OpenSSL is used for end to end encryption.

    Retroshare encrypted chat and file sharing
    Retroshare encrypted chat and file sharing

    Upload and download speeds will depend on the user’s available bandwidth, file sizes of more than 2GB are supported, a private friend to friend network like Retroshare solves the problem of strangers reporting on controversial files being shared but friends IPs are still visible and if someone steals a members identity the whole network will fall, due to its multiphop nature the original uploader might hide his computer’s IP from the person downloading from him but other people IPs sharing that file in the network will be visble, leading to the original source following them, disabling IP/certificate exchange services improves anonymity.

    You can use Retroshare with a Virtual Private Network (VPN) to hide your real IP and improve your network anonymity, as VPNs are known to keep logs for a shorter time than ISPs do, there are no VPN incompatibilities of any kind, the software is available for Windows, Linux and MAC.

    Visit Retroshare homepage

  • Jitsi the encrypted chat software with VoIP and video

    Jitsi the encrypted chat software with VoIP and video

    Jitsi is an instant messenger with VoIP and videochat compatible with any other IM software supporting SIP (Session Initiation Protocol), an application layer protocol for voice over IP, XMMP/Jabber (Extensible Messaging and Presence Protocol), an open standard communications protocol used by Google Talk and most open source instant messengers, MSN/Windows Live Messenger, AIM, Bonjour, ICQ, Yahoo Messenger and Facebook chat, one of the few not supported IM is Skype.

    Call encryption is implemented with SRTP (Secure Real-time Transport Protocol), a protocol with no effect on voice quality providing encryption using the AES cipher as default, authentication and message integrity, together with ZRTP, an open source protocol from Zfone for public key encryption in VoIP chats that can also be found in secure Linux instant messengers like SFLphone.

    Jitsi encryption chat software
    Jitsi encryption instant messenger

    Jitsi IM main features

    • Encrypted audio and video calls
    • Support for most instant messenger software
    • Call recording in SIP and XMPP (MSN in progress)
    • File transfer preview, small photo thumbnail preview before accepting file

    This secure instant messenger will encrypt video and voice calls across all services, including group chats, besides that, feature wise is pretty basic with little to show other than emoticons, text formatting, file transfer preview and avatars, this is a useful chat software with IPv6 support for those who care about privacy and security in VoIP and video conferences with no interest in playing songs while chatting or changing the IM skin/looks, a great IM for businesses due to its security and lack of bells and whistles that tend to reduce productivity while chatting, the messenger itself can be password protected and passwords are stored encrypted.

    Visit Jitsi IM homepage