Chatting with strong cryptography

Leave a reply

For the last year or maybe a little more I have been tinkering with a strong open-source chatting application written in 100% nodejs, I can’t say I have a breakthrough or anything, but I do have something to show now!

Problem: There is potential for the government to spy on your chats or decrypt your traffic and see what you are doing, and it’s not so much that you’re doing anything wrong, it’s just creepy…

Mid Solution (1): Use Skype or something similar, but time and time again it has been shown that the traffic can be decrypted, by Microsoft!.. (http://arstechnica.com/security/2013/05/think-your-skype-messages-get-end-to-end-encryption-think-again/)

Mid Solution (2): Use one of the newer instant messengers that support cryptography (https://torrentfreak.com/pirate-bay-founder-announces-encrypted-nsa-proof-communication-apps-130710/), but dang it’s not open source, so how do we know it’s encrypted?? (see Mid Solution (1)). I am not saying this messenger isn’t fine, it’s just I don’t know.

My Solution: Build my own instant messenger that is full of cryptography and use a “Mailman” (or maybe “Mailperson”) to deliver a cryptographic message when necessary. Direct connect anytime else (coming soon). And Make the whole codebase open source, so people can see the source code, and scrutinize it, and submit bug fixes and features. We call it Crypto Chat…

How Does it work?

Simple.
cryptochat

As you can see, the messages even though they are sent to a server platform, are encrypted 2 times, 1 time for the mailman to do the delivery, this message contains something like this:

{ Command: 'Send',
  To: 'b16941f4-3c2d-4de8-a99c-82ae65ad5b5a',
  From: '2fcf5726-8d1e-477c-a7bb-2532fe0a16c2',
  Crypted: 'j6rNKqProeeLzIhfumFuVvGfg1j9M8F+taZTk44H1f7u53M1+ogpdArluWtxy4x9iScUxXS91HdKbzrrgA+fJTATfLqgLrL9eDPXE78L2ROptfBzY65bhu/Zf1aMLCJrTHmf9Em9bqd8i7kD1fkaMxA5Zp2SznW/M72M1dV6yYM=' }

The UUID is generated by the server the first time the client opens crypto chat.
The only thing the mailman sees is the “From” UUID and the “To” UUID, this allows the server to deliver the message, The Decrypt would fail if the server attempted to decrypt the crypted variable.

I bet you’re asking yourself, how can the two clients exchange keys if the server is in the middle since AES uses a shared key. It’s simple really, we use a Diffie Hellman Key Exchange to share the key, Want to know more about Diffie Hellman? Check out this video:

The code isn’t complete yet, but Matt and I were having a conversation today.

Also Attached to this post is the wireshark of the conversation.

–John “Chatterbox” Hass

I am releasing this Code under GPLv2 license. And it will break.

cryptochat.pcapng
cryptochat.nw (the node-webkit source)
cryptochatspringboard.zip (the mailman)

Leave a Reply

Your email address will not be published. Required fields are marked *