Save option for encryption app


blueghosties

Greetings all,

I am writing an encryption app for both iPhone and Android devices and have come to a fork in the road...(ooo, bad pun)...I wanted to create a 'Save' option to store the encrypted texts locally on the device, but after the revelation of Vault 7, I am thinking that maybe it's better to have users save their texts off device elsewhere. The Key is generated on the device locally and stored locally. The Key is protected and has a self-destruct mechanism, but my concerns are that they would both reside on the device and then could be fully compromised. With the ability of these agencies, where do we go from here?

My question: would it be better to save off device or just store it locally? 

Any thoughts and elaborations are greatly appreciated.


11 minutes ago, digininja said:

Tell us more about the app, who is it aimed at? What is its use case? What are you trying to achieve with it?

Are your potential users likely to be targeted by the CIA?

The app is geared toward everyday users. Uses AES 256-bit encryption. It is strictly text based for the moment. My aim for this app is to give back privacy to users.

It seems that with the expanse of the CIA operations, everyone, everywhere seems to be a target. I'm hoping that no one using my app would be a target for the CIA, but it's no longer our definition of who is a target, it's now the government that declares it. I'm hoping to protect journalists. When Trump can claim them as an 'enemy of the State', anyone speaking out then would be as well. I want my app to help allow those voices to continue. Please pardon my waffling.


What would the advantage of your app be over WhatsApp or Signal?

Developing solutions that include crypto is hard, those two apps have had a lot of work put into them and a lot of public scrutiny.


19 minutes ago, digininja said:

What would the advantage of your app be over WhatsApp or Signal?

Developing solutions that include crypto is hard, those two apps have had a lot of work put into them and a lot of public scrutiny.

It seems that Signal has been under gag order from 'the Courts' for over a year and most likely had to give a backdoor to agencies. WhatsApp is owned by Facebook...that's been a CIA monitoring tool before shares went public.

MixyBits doesn't have any messaging capabilities, so it won't be transmitting any data...but could be used in conjunction with Signal and WhatsApp. Keys can be generated easily and shared if one has the ability to share those Keys securely. It has become increasingly difficult to make anything secure these days, but I'm damn well going to try. Help from you and others in the 'security' field will up the chances of that prospect coming to fruition. We all deserve to have a voice without being monitored by a Nanny State. If they won't allow it, then we have to create it and do it anyway.


I'll happily hold my hand up and say that I'm nowhere near smart enough to build an app that I would recommend anyone uses to transmit or store sensitive information. To do that well takes a lot of work by people who know the field inside out.

If you want to get the tinfoil hat out over monitoring of existing tools, how do we know that you aren't the CIA trying to get us to use your tool that has built-in backdoors? Sometimes the most innocuous of errors, an = rather than == can make a huge difference.


36 minutes ago, digininja said:

I'll happily hold my hand up and say that I'm nowhere near smart enough to build an app that I would recommend anyone uses to transmit or store sensitive information. To do that well takes a lot of work by people who know the field inside out.

If you want to get the tinfoil hat out over monitoring of existing tools, how do we know that you aren't the CIA trying to get us to use your tool that has built-in backdoors? Sometimes the most innocuous of errors, an = rather than == can make a huge difference.

You wouldn't know, would you? If I'm not to be trusted, then why would you trust someone you've never known, never met, allow their app on your device at all? If that's the case, you shouldn't trust anything on the market to begin with. I'm trying to make a start and hopefully help some people along the way. If people consider what is now known about 'agencies' as a tinfoil hat, then I guess they've made a choice for a blindfold instead.

I will gladly allow people on this forum to beta test and try to hack the app if it will help make a more secure program. I will even go so far as to offer certain individuals access to the source code to verify that it is what it is. 


Depends on the threat model, for secure comms I'll trust something like WhatsApp or Signal that has had a lot of peer reviews and is trusted by people I trust.

If you are sure about your systems then open the source up, let it be peer reviewed, that is the only way to get complete trust.


16 minutes ago, digininja said:

Depends on the threat model, for secure comms I'll trust something like WhatsApp or Signal that has had a lot of peer reviews and is trusted by people I trust.

If you are sure about your systems then open the source up, let it be peer reviewed, that is the only way to get complete trust.

I think I will do just that. I will go over the source and get it ready for review.

