Thread replies: 93
Thread images: 10
Thread images: 10
File: wire vs signal.png (72KB, 997x481px) Image search:
[Google]
72KB, 997x481px
Which one, and why?
>>
>>134718130
Does wire work in on whisper sync too?
>>
Both are compromised by the NSA.
Wickr is the only safe messenger right now.
>>
>>134718999
>t. NSA
>>
>>134718850
https://en.wikipedia.org/wiki/Wire_(software)
>Wire provides end-to-end encryption for its instant messages. Wire's instant messages are encrypted with Proteus, a protocol that Wire Swiss developed based on the Signal Protocol
>>134718999
Cite your sources, anon.
>>
File: 1486407130554.jpg (63KB, 917x1080px) Image search:
[Google]
63KB, 917x1080px
>>134718130
As a statist constitutionalist, you faggots need to calm down
Unless you get warranted for a fucking felony or are suspected for literal terrorism, you'll literally never have to worry about anyone going through your texts ever
The NSA doesn't give a fuck about your conspiracy theory messages or cult rituals, or even your degenerate sexting, they only care about knocking out enemies of the state, foreign and domestic.
>Inb4 the PATRIOT Act was a bad thing
>>
>>134719239
Don't care. In this day and age, where encryption is so easy to pull off, there is no excuse not to use encryption.
>>
>>134719135
Well I already don't trust signal anyway cause open whisper was developed by a 'miraculous' jew and I can already read about the man in the middle attacks wire had, I'll stick with telegram
>>
>>134719344
I actually agree with this, I'm just salty right now because I dropped my phone in a pool and don't have anything to text with now
>>
>>134719344
I use signal because of the self delete function and no screencap options
>>
>>134719462
Telegram's encryption has been broken multiple times. Wire actually paid to have their shit audited. https://www.x41-dsec.de/reports/Kudelski-X41-Wire-Report-phase1-20170208.pdf
Telegram is literally the worst choice you could choose. WhatsApp would be better.
>>134719616
>No screencap options
There's no way to prevent that indefinitely. Snapchat is proof of this.
>>
From what I've examined personally, the Proteus protocol (Wire) seems to be up to par with Axolotl/3-DH (Signal), but also has many more features than signal that make it more desirable for social use
>>
>>134719955
Does both Wire and Signal encrypt their group messaging, their video chats, and their voice chats?
>>
>>134718130
Ummmm....both are compromised. Assange sorta spilled those beans.
>>
>>134720113
Can you cite that? Genuinely interested.
>>
>>134719900
Meh it has dank pepe stickers and wire has been broken too even the Wikipedia article mentions that
>>
>>134720334
Where does it say that? Also, Telegram shows no interest in patching their broken encryption.
>>
>>134720101
For chats, both do.
For calls, wire all around and signal only on mobile.
For video, only wire.
Wire is also HQ's in Switzerland, vs Signal in the US.
>>
>>134719900
I tested it, but obviously you can just take a picture using a different phone. I like the expiring message feature most. the Snapchat leaks were from an add-on I think
>>
>>134720539
I think Wire has expiring messages, as well.
>the Snapchat leaks were from an add-on I think
They were. And there was nothing they could do to stop it, shy of letting you know when a screengrab was taken. It's not hard to imagine that their problems will become Signal's problems if/when it becomes mainstream enough.
>>
>>134720491
Sounds like Wire is a lot more versatile.
>>
>>134720491
It's apparently hosted inside the EU with EU laws or something,, I don't know how draconian they are compared to the US
>>134720489
All right they patched their system I'll give it a try will you be adding pepe sticker?
>>
>>134720796
Wire is Swiss. Switzerland isn't in the EU.
>All right they patched their system I'll give it a try will you be adding pepe sticker?
I'm not actually trying to shill once service over the other, but trying to learn more about both. I meant it when I asked where it said on the wiki article that their encryption was broken. A Ctrl+F didn't find anything, nor did a quick cursory glance.
>>
File: Screenshot_20170724-085844~01.png (146KB, 1080x748px) Image search:
[Google]
146KB, 1080x748px
>>134720986
>>
>>134720764
It's certainly easier to get friends to join, as it seems like another messaging app; not complicated and "techy". It you want real security go with signal though (journalist, public official, etc) as you can pick between P2P communication and going through the server. Also Signal only had your phone number, so registering with a burner makes it almost impossible to trace back. Wire has more info available but they can't be pressured by the US (strict Swiss privacy laws).
>>
File: Screenshot_20170724-085827~01.png (347KB, 1071x1414px) Image search:
[Google]
347KB, 1071x1414px
>>
>>134720743
The only problem with Signal is that so few people have it. How large is Wire's user base, do more of your contacts use it? I can only message 3 people on Signal.
>>
>>134721194
>so Signal only had your phone number
Can't you do the same with Wire or just create an email soley to register with Wire?
>Wire has more info available but they can't be pressured by the US (strict Swiss privacy laws).
Apparently not, looking at >>134721144
>>
>>134721204
Ok. So where does it say that the encryption was broken? Going e2e encrypted seems to have helped with the security problems listed.
>>
File: 1479692500076.jpg (46KB, 1280x720px) Image search:
[Google]
46KB, 1280x720px
>>134719239
>>Inb4 the PATRIOT Act was a bad thing
I dont like my printers consuming extra yellow fucking CIANIGGER
>>
>>134721812
You reminded me that I want to try Temple OS.
>>
>signal
It's great but nobody uses. So there's no point of me using it.
>>
File: Score one for the good guys.png (4MB, 1700x1700px) Image search:
[Google]
4MB, 1700x1700px
>>134721954
>>
(((>>134719239)))
>don't worry goys, I mean guys
>we'll only kill enemies of the (((State)))
>>
File: 4L_UoaA4P4N.jpg (83KB, 750x504px) Image search:
[Google]
83KB, 750x504px
>>134721375
Of course your could just create an email with Tutanota/ProtonMail/RiseUp (although I don't recommend the later two) and use that email, or a temp email service like 10MinuteMail/GuerillaMail.
Pic related, also this;
>While Switzerland is not a member of the European Union (EU) or of the European Economic Area, it has partially implemented the EU Directive on the protection of personal data in 2006 by acceding to the STE 108 agreement of the Council of Europe and a corresponding amendment of the federal Data Protection Act. However, Swiss law imposes less restrictions upon data processing than the Directive in several respects.[12]
>In Switzerland, the right to privacy is guaranteed in article 13 of the Swiss Federal Constitution. The Swiss Federal Data Protection Act (DPA)[13] and the Swiss Federal Data Protection Ordinance (DPO) entered into force on July 1, 1993. The latest amendments of the DPA and the DPO entered into force on January 1, 2008.
(https://wikipedia.org/wiki/Information_privacy_law)
You're data is heavily protected by Swiss law, as well as EU privacy protections against intelligence agencies from the US among others.
>>
>>134719239
>as a statist
Lol, get cancer faggot.
>>
>>134718130
signal
>>
>>134722855
Why don't you recommend Protonmail/RiseUp? I use Tuta, because I want the premium features it offers, and it comes at a less-steep price than Proton. Never heard of Rise Up.
>>
>>134723129
>Be libertarian
>Believe in literal fantasy that's on par with Marxism but it's somehow better
I'd recommend Machievelli but you probably already have The Prince formed into a buttplug in your ass
>>
File: threema.png (308KB, 674x403px) Image search:
[Google]
308KB, 674x403px
>>134718130
>trusting a "free" app to provide you with encrypted communications
>trust us we're just a charity!
>>
>>134723777
Looking at the flag, I would have guessed Anarcho-Communist.
>>
>>134723702
Proton
>Filters traffic through Israel for "DDOS protection"
>Can't verify backend software
RiseUp
>Warrant canary no longer present
I selfhost Tuta;
https://github.com/tutao/tutanota/blob/master/README.md
Can't saw I'm thrilled with JS encryption, but self hosting + domain whitelist quells my suspicions
Wish they had an onion link like Proton though
>>
>>134719900
>Telegram's encryption has been broken multiple times
Any proof on that?
>>
>>134723957
I'd say you had a point if Wire (at minimum) didn't have a way to make money (Teams is in beta, and it seems like it allows you to use your own servers) or if threema was open-sourced.
I don't trust closed-source encryption. If I did, I would be using an iPhone.
>>
>>134723957
>FOSS app
>You can host the server + self compile the app
???
>>
>>134724266
http://news.softpedia.com/news/Encryption-In-Telegram-Messenger-Is-Completely-Broken-474106.shtml
https://security.stackexchange.com/questions/49782/is-telegram-secure
>>
>>134724255
I preferred Tuta's response to their DDoS attack: just shove all the weird addresses (which are mostly allowed due to subscriptions) into the Spam folder by default.
That said, I know that Tuta is hosted in Germany, and the privacy laws, while stronger than the US, are certainly weaker than Swiss laws.
>>
>>134718130
People over the age of 17 use instant messaging apps?
>>
File: 4L_o5Wnuzo5.png (59KB, 687x339px) Image search:
[Google]
59KB, 687x339px
>>134724307
I use iOS and sign all apps my self
>>
>>134724673
I started researching them because I have a poor friend that sometimes gets his phone turned off, and was looking for an alternative to calls/text that wouldn't be a privacy nightmare on my phone. I also have friends elsewhere around the world, but I'm not really making new friends from Hong Kong or anything, so I just need a good way to keep in touch.
So yeah, I guess I do.
>>
>>134724682
I wouldn't even know how to begin to do that.
>>
>>134724604
Def true, which is why I use OpenPGP/GnuPGP just to be safe. I do feel better that there's a paid version (if you don't buy a product, you are the product) for only $12
I really don't trust anything that I don't have physical access to. Tuta is the next best thing; e-e encryption + PGP is an almost full proof setup, and its only flaw is that the recipient could be infiltrated, but that's true with everything so…
>>
>>134725105
Does tuta allow PGP?
>>
>>134718130
Signal. Source is open and most encrypted chats use it.
>>
>>134724962
Yeah Wire would be your best bet then.
>>134725021
It's actually pretty easy. If you have a mac, it's as easy as downloading Xcode from the App Store and downloading Cydia Impactor + the compiled iPAs. You have to resign every week, but I like that because it forces you to be up to date and check to make sure everything me secure
>>
>>134725377
>It's actually pretty easy. If you have a mac, it's as easy as downloading Xcode from the App Store and downloading Cydia Impactor + the compiled iPAs. You have to resign every week, but I like that because it forces you to be up to date and check to make sure everything me secure
I use Linux Mint.
>>
>>134725175
Yeah I believe so, although you have to do it locally which can be a pain. If you're sending secure stuff, you can never be too safe.
>>
>>134725591
Thanks for all the info. Any idea when Tuta is gonna implement 2FA?
>>
>>134725478
There is a version available for Linux users (32 or 64 bit) :)
No xcode or iTunes needed now that I'm looking at it, and the author is very reputable. Only problem is that the auto update prompt is broken on Linux, so you have to manually check, but I do that any way as I don't want to give programs to auto download content that may be compromised (like Linux mint was as a time)
>>
>>134725703
As recently as May 11, 2017, they said they're testing a new client with 2FA included.
>>
>>134726188
Tried it in /g/. Here is both responses:
> Doesn't matter, not like I have friends that would use it with me anyway
>all my friends use imessage.
>also, I don't deal drugs and don't do anything bad so I have no use for either of these.
Super helpful.
>>
>>134718130
> trusting the encryptjew
lmao well memed lad tell me more about how the juden doesnt already know everything you write and will write
>>
>>134724485
>http://news.softpedia.com/news/Encryption-In-Telegram-Messenger-Is-Completely-Broken-474106.shtml
This is complete bullshit, he's stated that he rooted the phone and was able to retrieve texts locally, yeah no shit Einstein, if you root your phone you get full access doesn't take a genius to realize that.
>https://security.stackexchange.com/questions/49782/is-telegram-secure
1st answer is just "dont roll your own crypto", all crypto once started out as somebody's "own crypto" sorry but neither of these links prove that telegram has been broken
From that answer
>https://www.alexrad.me/discourse/a-264-attack-on-telegram-and-why-a-super-villain-doesnt-need-it-to-read-your-telegram-chats.html
>Overall, I would estimate that a full attack costs in the tens of millions USD in infrastructure and electricity to pull off and get a full fingerprint collision in reasonable time. Attackers may also be able to steal or borrow existing infrastructure, like a botnet or supercomputer system. In other words, this should be within some Super Villain's budget.
Seriously now?
From the other PDF linked in the answer
>We stress that this is a theoretical attack on the definition of security and
we do not see any way of turning the attack into a full plaintext-recovery
attack.
So the encryption hasn't been broken then?
>>
>>134726640
Telegram's MTProto is honestly just terrible.
>>
>>134726828
Ow wow, thanks for the detailed argument showing me exactly how their crypto is broken, no? Kys
>>
>>134726640
I see you didn't even bother reading the link from that first answer explaining the problems with telegram:
https://unhandledexpression.com/2013/12/17/telegram-stand-back-we-know-maths/
>So, what is the system’s architecture? Basically, a few servers everywhere in the world, routing messages between clients. Authentication is only done between the client and the server, not between clients communicating with each other. Encryption happens between the client and the server, but not using TLS (some home made protocol instead). Encryption can happen end to end between clients, but there is no authentication, so the server can perform a MITM attack.
>Basically, their threat model is a simple “trust the server”. What goes around the network may be safely encrypted, although we don’t know anything about their server to server communication, nor about their data storage system. But whatever goes through the server is available in clear. By today’s standards, that’s boring, unsafe and careless. For equivalent systems, see Lavabit or iMessage. They will not protect your messages against law enforcement eavesdropping or server compromise. Worse: you cannot detect MITM between you and your peers.
I can't speak to Signal, but I know Wire has fingerprints for each and every device that uses it. So my phone and my pc both have unique fingerprints, and I can verfity the fingerprints of people that I add by checking their device's fingerprint, and comparing it to the fingerprint that shows up on my phone, which states that it is them.
Then, if they add a new device, the shield icon will only be half-filled, instead of completely full, letting me know that they have activated a new device, and it may be that someone hacked their account.
>>
>>
>>134726444
Don't be discouraged. iMessage actually is pretty good, but not ideal.
Bottom line is, Signal is good for journalists/investigators/politicians, Wire is better for social stuff. Using both depending on the situations is actually better, and pattern tracking is thrown off.
>>
>>134727060
>>134727235
>By today’s standards, that’s boring, unsafe and careless.
So still no explanation on how the crypto is broken then?
Also from their FAQ
>https://telegram.org/faq#secret-chats
>Secret chats are meant for people who want more secrecy than the average fella. All messages in secret chats use end-to-end encryption. This means only you and the recipient can read those messages — nobody else can decipher them, including us here at Telegram
Also from their protocol description
>https://core.telegram.org/mtproto
>Each plaintext message to be encrypted in MTProto always contains the following data to be checked upon decryption in order to make the system robust against known problems with the components:
> server salt (64-Bit)
> session id
> message sequence number
> message length
> time
The texts are salted. Even if I have access to the server the salting would mitigate any problems. Sorry but no you still haven't proved that their crypto is broken.
>>
>>134727590
iMessage is limited as to what phones could use it, which is the biggest problem I have with it. Almost all my friends use android or android tablets combined with dumb phones.
If iMessage was available on Android, it likely would have been good enough to use.
>>
>>134727711
You still didn't read the rest of the article.
>>
>>134727844
Yes I did, there's no explanation on exactly how the crypto is broken. And you haven't provided it either
>>
>>134727978
>Telegram greatly simplified the exchange by requiring three roundtrips, using RSA, AES-IGE (some weird mode that nobody uses), and Diffie-Hellman, along with a proof of work (the client has to factor a number, probably a DoS protection). Also, they employ some home made function to generate the AES key and IV from nonces generated by the server and the client (server_nonce appears in plaintext during the communication):
> key = SHA1(new_nonce + server_nonce) + substr (SHA1(server_nonce + new_nonce), 0, 12);
> IV = substr (SHA1(server_nonce + new_nonce), 12, 8) + SHA1(new_nonce + new_nonce) + substr (new_nonce, 0, 4);
>Note that AES-IGE is not an authenticated encryption mode. So they verify the integrity. By using plain SHA1 (nope, not a real MAC) on the plaintext. And encrypting the hash along with the plaintext (yup, pseudoMAC-Then-Encrypt).
If that doesn't explicitly tell you how the encryption is broken, then feel free to go do some research.
>>
>>134727774
>>134727774
It technically is, but unofficially.
https://github.com/bboyairwreck/PieMessage
Check this to see how they all pair up with Wire.
https://wire.com/en/privacy/
https://www.eff.org/node/82654
>>
>>134727978
Scrolling down on the same article
>Edit: Following Telegram’s comment, the AES key and IV will be different for every message. Still, they depend on the content of the message, and that is a very bad design. Keys and initialization vectors should always be generated from a CSPRNG, independent from the encrypted content.
At the bottom
>Edit 4: Someone found a flaw in the end to end secret chat. The key generated from the Diffie-Hellman exchange was combined with a server-provided nonce: key = (pow(g_a, b) mod dh_prime) xor nonce. With that, the server can perform a MITM on the connection and generate the same key for both peers by manipulating the nonce, thus defeating the key verification. Telegram has updated their protocol description and will fix the flaw. (That nonce was introduced to fix RNG issues on mobile devices).
So crypto isn't broken according to your own links and any issues have already been fixed. Just """"""bad design"""""
>>
>>134728661
https://www.alexrad.me/discourse/a-264-attack-on-telegram-and-why-a-super-villain-doesnt-need-it-to-read-your-telegram-chats.html
>>
>>134728910
Yes I already saw and addressed that you nigger See >>134726640
>From that answer
>https://www.alexrad.me/discourse/a-264-attack-on-telegram-and-why-a-super-villain-doesnt-need-it-to-read-your-telegram-chats.html
>Overall, I would estimate that a full attack costs in the tens of millions USD in infrastructure and electricity to pull off and get a full fingerprint collision in reasonable time. Attackers may also be able to steal or borrow existing infrastructure, like a botnet or supercomputer system. In other words, this should be within some Super Villain's budget.
>Seriously now?
>>
>>134728910
You are forgetting it has pepe stickers
>>
>>134721540
From what I can read (not a code monkey) the telegram encryption was broken in a similar way
>>
>>134729505
>https://www.alexrad.me/discourse/a-264-attack-on-telegram-and-why-a-super-villain-doesnt-need-it-to-read-your-telegram-chats.html
He then goes on to explain why that attack isn't necessary. So you already admit that the crypto is broken (without the workaround), but then the dude goes on to explain the work around, so that it wouldn't cost that much.
>>
>>134729620
>First, chats (including group chats) must be end-to-end encrypted by default. This avoids human error and information leaks. End-to-end by default is the case with Threema and TextSecure already.
Wire does this, as well.
>Second, the end-to-end encryption must move away from authentication per secret-chat conversation and go over to public-key cryptography for user identities. It is nonsense to authenticate a secret-chat session key. Instead, each user should have one or a set of public keys with which to perform key negotiation with. Users verify each other once, and that's it. OTR, Threema, and TextSecure all solved this problem ages ago as well.
Once again, Wire assigns keys to devices, not per communication.
Third, the user authentication is much, much too weak for a private messenger and adversaries who can afford SMS-interception can trivially hijack accounts and perform social engineering as well as view default chats. Another authentication scheme for accounts is needed as soon as possible, even passwords with two-factor authentication. This vector is by far the most likely real-world attack scenario where Telegram's servers are not compromised and it can be performed by any villain, not just super villains.
Wire offers an email verification (although they also offer phone verification via a phone call and text.
Finally, to honor privacy, Telegram must enable communications decoupled from the requirement for address books and a phone number so that people can use Telegram anonymously, which is not currently possible
Wire requires no access to the address book or a phone number.
>>
>>134729632
No no he doesn't explain, he says that telegram has your contacts list and that a super villain could theoretically intercept and SMS and get the verification code off of that
None of these things explain a flaw in the cryptography, of course intercepting SMS results in compromise, you don't need a genius to figure that out. In fact his only point is that he can compromise the whole thing if he can intercept SMS, which again isn't a flaw in the crypto
>>134729620
Stop listening to these retards and question it by yourself, the crypto is yet to be broken and the way they "break" the crypto is by intercepting the verification text.
>>
>>134729856
I'll give you 1 thing, telegram requires access to the contacts list which isn't good from a privacy perspective, but outside of that you don't have any actual criticisms.
>>
>>134730670
By your own admission, you have quoted without challenge that it could be defeated in an attack. An expensive attack, to be sure, but one nonetheless.
>>
>>134730858
Tbqh if I was a Swiss or an Indian citizen I won't worry about it, my government doesn't care and your cares too much
>>
>>134730858
Yeah of course an expensive attack worth MILLIONS could break it, an attack that well funded could theoretically break ANY crypto. Also every single text message is salted, literally every single one, even if you spent a shit ton breaking 1 texts crypto you'd have to spend a shit ton more for the next one and the next one and so on. This is outside reality.
>>
Telegram
>>
>>134731115
>An attack that well funded could break any crytpo.
Nah. Most cryptos have better design than telegram.
Telegram is on par with iMessage. Seriously, WhatsApp is more secure.
>>
>>134731371
Telegram has good features like self chat and a cloud it's pretty good as an archiving app too
>>
>>134719135
I guess it's proprietary shit, like Whatsapp or whatever the kids use these days?
In that case you can't really trust the encryption, especially not if it was made by mountain jews.
>>
>>134731115
>and this is the reversal drum
>it makes the enigma way safer because it encrypts a message again!
This is how your argument sounds.
>>
File: mountain-jew_o_2890111.jpg (196KB, 1024x681px) Image search:
[Google]
196KB, 1024x681px
>>134720489
funny how you demand proofs of wire and signal broken, yet provide nothing but empty claims that telegram is not encrypted.
Show proofs or gtfo from this board and get back hoarding your gold, mountain jew.
Thread posts: 93
Thread images: 10
Thread images: 10