Weekly Edition
Return to the Security page
| |||||||||||||
ScatterChat for encrypted instant messagingUsage of instant messaging (IM) is growing rapidly to facilitate real-time communication across the internet. Unfortunately, it provides the illusion of privacy which can fool users into chatting about subjects that they would not normally discuss in public. A new tool, ScatterChat has recently been released that provides a cross-platform solution for encryption over the public IM networks. Using it provides actual privacy for IM conversations without much additional burden for the user. ScatterChat is a 'friendly fork' of the Gaim IM client that adds encrypted chat, key management, and encrypted file transfer for many of the IM protocols supported by Gaim. In addition, ScatterChat optionally interfaces to Tor to provide traffic analysis resistance for additional privacy. It is available in source form for Linux and MacOS as well as Windows binaries. In order to use ScatterChat, a user first generates a public/private key pair that gets associated with a particular IM screen name. Once that is complete, the program logs the user into the IM network and provides the same basic interface as Gaim. A user can then choose a buddy to chat with and ScatterChat provides an extra button in the chat window to request encryption. If necessary, a key exchange is done between the user and their buddy, but one can always refuse encryption and the key exchange protocol will be silently ignored. This ability allows users to control who knows that they are using ScatterChat; if they refuse the key exchange, it will look no different than someone who is using a standard IM client. Once an encrypted session has been established (verified by the now familiar padlock icon), it works just like an unencrypted session. Users can type back and forth to each other but any intermediary will not be able to decrypt the traffic without compromising the keys. Even if the conversation is recorded, it cannot be decrypted without compromising the private keys at both ends of the conversation, providing 'perfect forward security'. Of course, one must be careful that the other end is not logging the conversation as that would store an unencrypted version of the conversation on the hard drive of the logger. ScatterChat seems to have a well thought out architecture and philosophy. Users are not allowed to choose encryption methods, key lengths or any of the other technical parameters that often accompany encryption tools. The choices made by the ScatterChat developers are very strong (2048-bit El Gamal public/private key with 256-bit AES symmetric encryption) and removing those kinds of choices makes it a much simpler solution to deploy for non-technical users. The developers also have chosen to use existing encryption code (libgcrypt) rather than creating yet another encryption library that needs to be audited. ScatterChat is targeted for human rights activists and dissidents who may be communicating through internet servers that are or can be subverted by oppressive governments. It may also be useful for those living in supposedly free countries whose governments have recently determined that spying on its citizens leads to better national security. A great deal of communication of a sensitive nature is done via IM these days and companies may wish to use this tool to secure chats between their employees to protect trade secrets and the like. Many IM users will not have any need for the capabilities provided by ScatterChat, as the NSA is probably uninterested in teenage dating gossip and the like, but for those who do, ScatterChat is an essential tool. (Log in to post comments)
MiM Posted Jul 27, 2006 3:51 UTC (Thu) by bryanr (guest, #25324) [Link] Looks like ScatterChat takes the ssh approach to authentication--blindly trust the initial key provided by a given entity, and store it to ensure that same entity provides the same key in the future.
That means the program can detect man-in-the-middle attacks, but
Kudos to them for mentioning this caveat in the end-user docs
MiM Posted Jul 27, 2006 13:39 UTC (Thu) by cventers (guest, #31465) [Link] http://www.philzimmermann.com/EN/zfone/index.html
I like the Zfone concept for dealing with unsecured key exchange - once
MiM Posted Aug 1, 2006 0:58 UTC (Tue) by bluefoxicy (guest, #25366) [Link] This is unfortunately true. The best route would actually be to use the user's PGP key; I've got one, I sign my e-mail with it by default. This would be useful because for confirmation the guy you're chatting with could send you an e-mail with an encrypted message; being able to read and reply to the message would signify that yes the correct key is in use.
A man-in-the-middle could easily replace things like "What's your e-mail address" and whatnot, as well as key exchanges, based on heuristics. j@boom.com could be detected, associated with a random e-mail and a direction, and get translated to the random address going out and from the random address coming in. This is easy to defeat but hey nobody is going to think about that.
But exchanging e-mails, replacing e-mail addresses in messages, paranoid key exchange... it's all irrelevant isn't it? Think about it; if you've got a GPG key already, it's probably tied to your e-mail. If you AND your friend already have GPG keys, they're probably BOTH tied to your e-mail. And further, you probably both already exchanged them, i.e. your mail client automatically downloaded it into your GPG keyring and it's already available.
The longer it goes on the easier it is to get caught; and a diverse set of key exchange and use mediums is going to expose a man in the middle unless he's got every pipe on the Internet in his control. Things like ssh or gaim-encryption suck like that, because they use their own little keys and no certificate authority or keyserver, making any attacks you want to carry out much simpler and more practical.
Also look at OTR Posted Jul 27, 2006 4:47 UTC (Thu) by fyodor (guest, #3481) [Link] I was at HOPE6 for the ScatterChat release and applaud their work toward enhancing privacy. People considering this tool may also be interested in Off-the-Record Messaging, which performs similar functions. It integrates as a Gaim module rather than a codebase fork, and also has been more carefully audited for security and cryptographic strength than the much newer ScatterChat.
ScatterChat for encrypted instant messaging Posted Jul 27, 2006 18:49 UTC (Thu) by seanpor (guest, #2564) [Link] Human rights activists mark themselves out by merely *using* encryption... which in many countries is a crime in itself.s/
ScatterChat for encrypted instant messaging Posted Jul 28, 2006 10:51 UTC (Fri) by dion (subscriber, #2764) [Link] So what you are saying is that someone should write a steg version of this that hides the real messages inside inane teenage dating gossip.
With the amount of variable spelling in teenage sms-speak the steg'ed message should be 100% undetectable.
ScatterChat for encrypted instant messaging Posted Jul 29, 2006 18:05 UTC (Sat) by nlucas (subscriber, #33793) [Link] That's where Skype has the advantage. All chat is encrypted from the first version (that I used at least) and no mechanism to disable it (although maybe it's not the most secure method).
What we really need is for tools that take security concerns right from the start. Privacy concerns should be a standard feature, not an option.
ScatterChat for encrypted instant messaging Posted Aug 2, 2006 11:00 UTC (Wed) by kleptog (subscriber, #1183) [Link] One hopes they use some kind of Diffie-Hellman key exchange. That gives you perfect forward secrecy, even if the keys are compremised. The public/private key pairs are more for avoiding man-in-the-middle attacks.
Jabber/XMPP "Encrypted Sessions" Posted Aug 11, 2006 21:34 UTC (Fri) by nealmcb (subscriber, #20740) [Link] See also the Jabber/XMPP work on "Encrypted Sessions"
http://www.jabber.org/jeps/jep-0116.html
and the June paper from Peter Saint-Andre about
http://www.jabber.org/jsf/trust-proposal.html
|
|||||||||||||