Tomcat
We have all known for a long time that there are many different ways to secure our correspondence on the network. This article presents the most popular methods for encrypting messages, briefly and in outline, without going into technical details. The article is intended for those who have not yet decided on a method of encrypted communication.
Jabber is our everything
XMPP is an open, XML-based, free-to-use protocol for instant messaging, file transfer, voice messaging, and more.
This protocol has many advantages:
- Decentralization (independence from the central server)
- Complete absence of spam
- Encryption (OTR in Pidgin, PGP can be used with any other client)
- Possibility to change the server
- Not tied to one developer: there are many different clients working on XMPP (Pidgin, Psi+ and others)
- Security (isolation)
- Flexibility
- Reputation (used by many multinational companies to form private and corporate servers)
What is OTR?
The OTR (Off-the-Record) cryptographic protocol was developed for sending secure messages. To provide strong encryption, the protocol uses a combination of the AES symmetric-key algorithm, the Diffie-Hellman algorithm, and the SHA-1 hash function.
The main advantage of OTR over other encryption tools is its application on the fly, rather than after the message has been prepared and sent.
For use in third-party applications, the protocol developers have created a client library. This means that applications specially designed for the purpose can protect data transmitted over IM channels.
In other words, OTR is a way to encrypt messages in real time (or as close as possible to it), a fairly simple and reliable tool to use.
Some programs that support OTR for instant messaging:
- Pidgin (for Windows or Linux)
- Adium (for OS X)
- ChatSecure (for iPhone and Android)
- Jitsi (Linux, Windows, Mac OS)
What is PGP?
PGP (Pretty Good Privacy) is a computer program, and also a library of functions, that allows you to encrypt and digitally sign messages, files and other information presented in electronic form, including transparent encryption of data on storage devices, for example on a hard disk.
It is an encryption system in which you have two keys: private and public. What is the whole point of this encryption? The example below describes the entire PGP encryption mechanism, and its principle of operation in general, clearly and in some detail.
Let's take a simple text like “Hello Mom!”. Let's encrypt it: turn it into a code that is incomprehensible to prying eyes (say, "OhsieW5ge+osh1aehah6"). We send this code over the Internet. Our message can be seen by many people, but who among them will understand the content? In this form, the letter will reach the recipient. He and only he can decrypt and read the source text.
How does the recipient know how to decrypt the message if no one else can? The recipient has additional information that is not available to others. Let's call it the decryption key. This key decodes the encrypted text.
The sender must inform the recipient of the key in advance. For example, "try to read the message by its reflection in the mirror" or "each letter should be replaced with the letter that follows it in alphabetical order." This strategy has a flaw. If you think your mail might be intercepted, how do you forward the key? After all, the attacker will intercept it too. Then there is no point in sending encrypted messages. On the other hand, if you have a secret way to transmit the key, why not use the same way to send all secret messages?
Public key encryption is a great solution to the problem. Each person participating in the correspondence can create two keys. One key (private) must be kept secret and never passed on to other people. Another key (public) can be transferred to anyone who wishes to correspond. It doesn't matter who gets access to the public key. You can upload it to the network, from where everyone will download it.
The "keys" themselves are in fact very large numbers with certain mathematical properties. The public and private keys are linked. If you encrypt something with a public key, you can only decrypt it with the matching private key.
What about messengers?
Of course, the most convenient communication option is messengers, which we actively use on our smartphones. Of course, it's best to also use a VPN (OperaVPN or GlobalVPN).
What messengers are popular?
1) Telegram is, of course, our own familiar favorite. Encryption is based on the MTProto protocol. This protocol assumes the use of several encryption protocols at once. For authorization and authentication, the RSA-2048 and DH-2048 algorithms are used for encryption; when protocol messages are transmitted to the network, they are encrypted with AES with a key known to the client and server. The SHA-1 and MD5 cryptographic hash algorithms are also used.
As for the "secret chats", this mode implements encryption in which only the sender and the recipient share a common key (end-to-end encryption), using the AES-256 algorithm in IGE (Infinite Garble Extension) mode for the messages being sent.
2) Wickr is a Telegram alternative that also supports several encryption standards (AES 256, ECDH 521, RSA 4096 TLD).
Wickr is marketed as an application that leaves no residue. It destroys your messages not only on users' smartphones, but also on servers. In addition, the program itself has a complete and final erasure function, after which the messages cannot be restored even by special means.
Wickr provides encrypted transmission of almost all kinds of content, including images, audio and video. It prevents you from copying or forwarding messages or content to third parties, and prevents you from taking screenshots. The authors promise military-grade encryption.
I cannot give any comments, since I have not used this application, but I have heard a lot about it. I see no point in covering the rest of the applications, if you are wondering about the others. This is because I have no desire to create hidden advertising for competitors of the application that I consider the best.
How else can you hide your correspondence?
There are services that allow you to send temporary links with messages, files, and more. These links are self-destructing, and you can adjust the mode: the link burns after reading, after an hour, a day, etc. Links can also be additionally password protected. You can send the link in any way convenient for you.
Most developers say that there are no logs and links are not archived or stored anywhere, and the content is encrypted using various algorithms. There is no certainty about this information. However, I have used this service several times when communicating with the fake Facebook.
Service examples: secureshare pw, privnote com, pastebin com
Anything else?
There are even anonymous social networks (Diaspora, Friendica). If you agree on some dark business and are far from all this, you can communicate in online games, for example. But this is already old school.
We hope this article was interesting and helped those who have not yet done so to decide on ways to protect their correspondence.
A little later, a detailed setup manual will appear on our channel: TOR, PGP, PIDGIN + OTR, PSI. Stay tuned for updates.
Security and anonymity to you all.