In the modern day, there are a plethora of instantmessaging applications at disposal to allow you to communicate, send photos and videos, and share your location with family and friends. The same is true about the Government housing all this data. So, I thought I’d add some context as to what you can do to improve security when using instant messaging applications.
The best thing about factual topics on the internet are, you can quote and use them to literally reiterate the same fact on your own post, and it’s for a good cause; keeping things factual.
Why do I need an encrypted chat program?
You do not necessarily need an encrypted chat program, however it is important to those whom wish to have privacy with those they speak to. Any message (ASCII), photo, video or voice recording transmitted via Facebook, Snapchat, Instagram or even conventional SMS can (and most likely) is stored in some centralised database, building a profile of you.
Do you remember people complaining Facebook knows what they look at on their phones? As an example, this post goes into detail about data you are sharing with Facebook, even though you are not directly opting to do so (read the terms of service next time):


The main reasoning behind the highlighted items are that in unison, anyone with access to this data can isolate your location, recent visits and what devices you have on you. Not only does this potentially make you vulnerable to tracking from people, but opens you up for someone to steal your identity (yes, these are very dramatic repercussions but still valid).
 Device you’ve accessed the Internet from
Services (this is not limited to Facebook) should not have the ability to catalogue the devices tied to an account.
With this ability, they are able to (stemming to the next point) always have a geolocked location of the device (and assumed person) at their disposal.
 Exact Geolocation (longitude, altitude, latitude, time/date stamp)
Exact. What the actual Foxtrot Unicorn Charlie Kite? Services knowing where I am, at whatever time is a clear abuse of power.
Using this information, patterns of travel and location can allow you to be tracked. Using services such as Facebook to allow geolocation tracking is absurd in my opinion.
 IP Address
If you know my public IP via a NAT you can easily sniff and track web usage of certain people; again, what the actual Foxtrot Unicorn Charlie Kite?
 Websites you’ve visited
Because Internet Censorship is what everyone wants, right? Having ISP logging Metadata and services knowing website you visit is a sheer breach of personal privacy.
 Book or publication you are currently reading
Personally, I read a lot of politically incorrect publications (not that I am some crazy person) and I’d like to keep that private; Facebook knowing I am “Googling” terrorist attacks and researching them should not be recorded without my implicit confirmation.
Now of course, it is impossible not to use services that record all this data (Personally Google knows everything about me) but there are valid techniques to mitigate the collection and aggregation of this information.
What are the things I should look for in set program?
This is a broad and rather opinionbased topic point. Discussion relating open sourced, closed, crossplatform and protocols are open for debate.
Personally (and I am not a security expert), there need to be 3 options available in an application to make it secure:
 Open source, peer reviewed;
 Defacto encryption standards and;
 Non identifying signup requirements.
Open source, peer reviewed
This topic has a lot of scrutiny about it. One point being vulnerabilities are shared with anyone reading the code, but at the same time, greater set of eyes allow this to be patched faster.
My opinion is summarised by this statement:
Do I choose Safe Number One that’s advertised to have halfinch steel walls, an inchthick door, six locking bolts, and is tested by an independent agency to confirm that the contents will survive for two hours in a fire? Or, do I choose for Safe Number Two, a safe the vendor simple says to trust, because the design details of the safe are a trade secret? It could be Safe Number Two is made of plywood and thin sheet metal. Or, it could be that it is stronger than Safe Number One, but the point is I have no idea.
Of course, the battle enraged the internet and everyone has their own opinions I personally believe that if the code is peerreviewed, back doors and holes to the software are far less likely than those of a propriety company that will share your data for the right payment.
Defacto encryption standards
When you use a program designed to keep security in mind, you do not want to rely on some newlycreated protocol that takes a thousand builds to be stable. Implementing either old (usually broken) or unstable protocols is a flaw in itself when trying to enact secure messaging.
As with all my posts, the technical content will be highly referenced as I am (as I’ve said) not a security expert.
When looking at encryption and cryptography, there are a number of standards you can enact.
Extensible Messaging and Presence Protocol (XMPP)
is a communications protocol for messageoriented middleware based on XML (Extensible Markup Language).^{[1]} It enables the nearrealtime exchange of structured yet extensible data between any two or more network entities.^{[2]} Originally named Jabber,^{[3]} the protocol was developed by the Jabber opensource community in 1999 for near realtimeinstant messaging (IM), presence information, and contact list maintenance. Designed to be extensible, the protocol has been used also for publishsubscribe systems, signalling for VoIP, video, file transfer, gaming, the Internet of Things (IoT) applications such as the smart grid, and social networking services.
Think of XMPP as the backend transportation method and not necessarily the encryption methodology. XMPP is good as it has a openstandard, and is scalable across platforms.
According to XMPP:
Secure — any XMPP server may be isolated from the public network (e.g., on a company intranet) and robust security using SASL and TLS has been built into the core XMPP specifications. In addition, the XMPP developer community is actively working on endtoend encryption to raise the security bar even further.
An XMPP Server is considered secure when the following (minimum) items are present:
 The server is running with a server certificate
 The server is configured to not allow any cleartext communications – S2S and C2S
 The server supports XEP198
Note that unless you have clear access to the code running on the server to validate the above, you assume the XMPP portion of the application is unsecure.
OfftheRecord Messaging (OTR)
is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AESsymmetrickey algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA1 hash function. In addition to authentication and encryption, OTR provides forward secrecyand malleable encryption.
OTR is a rather complex protocol. Before commencing an encrypted data exchange, both parties must do an unauthenticated DiffieHellman (DH) key exchange to set up an encrypted channel, and then do mutual authentication inside that channel.
Let’s use Bob and Alice as the example here. Bob must initiate the AKE (Authenticated Key Exchange) as follows:
Bob:
 Picks a random value r (128 bits)
 Picks a random value x (at least 320 bits)
 Sends Alice AES_{r}(g^{x}), HASH(g^{x})
Alice:
 Picks a random value y (at least 320 bits)
 Sends Bob g^{y}
Bob:
 Verifies that Alice’s g^{y} is a legal value (2 <= g^{y} <= modulus2)
 Computes s = (g^{y})^{x}
 Computes two AES keys c, c’ and four MAC keys m1, m1′, m2, m2′ by hashing s in various ways
 Picks keyid_{B}, a serial number for his DH key g^{x}
 Computes M_{B} = MAC_{m1}(g^{x}, g^{y}, pub_{B}, keyid_{B})
 Computes X_{B} = pub_{B}, keyid_{B}, sig_{B}(M_{B})
 Sends Alice r, AES_{c}(X_{B}), MAC_{m2}(AES_{c}(X_{B}))
Alice:
 Uses r to decrypt the value of g^{x} sent earlier
 Verifies that HASH(g^{x}) matches the value sent earlier
 Verifies that Bob’s g^{x} is a legal value (2 <= g^{x} <= modulus2)
 Computes s = (g^{x})^{y} (note that this will be the same as the value of s Bob calculated)
 Computes two AES keys c, c’ and four MAC keys m1, m1′, m2, m2′ by hashing s in various ways (the same as Bob)
 Uses m2 to verify MAC_{m2}(AES_{c}(X_{B}))
 Uses c to decrypt AES_{c}(X_{B}) to obtain X_{B} = pub_{B}, keyid_{B}, sig_{B}(M_{B})
 Computes M_{B} = MAC_{m1}(g^{x}, g^{y}, pub_{B}, keyid_{B})
 Uses pub_{B} to verify sig_{B}(M_{B})
 Picks keyid_{A}, a serial number for her DH key g^{y}
 Computes M_{A} = MAC_{m1′}(g^{y}, g^{x}, pub_{A}, keyid_{A})
 Computes X_{A} = pub_{A}, keyid_{A}, sig_{A}(M_{A})
 Sends Bob AES_{c’}(X_{A}), MAC_{m2′}(AES_{c’}(X_{A}))
Bob:
 Uses m2′ to verify MAC_{m2′}(AES_{c’}(X_{A}))
 Uses c’ to decrypt AES_{c’}(X_{A}) to obtain X_{A} = pub_{A}, keyid_{A}, sig_{A}(M_{A})
 Computes M_{A} = MAC_{m1′}(g^{y}, g^{x}, pub_{A}, keyid_{A})
 Uses pub_{A} to verify sig_{A}(M_{A})
If all of the verifications succeeded, Alice and Bob now know each other’s DiffieHellman public keys, and share the value s. Alice is assured that s is known by someone with access to the private key corresponding to pub_{B}, and similarly for Bob.
Once this has been configured, you can go about Exchanging data.
Suppose Alice has a message (msg) to send to Bob:
Alice:
 Picks the most recent of her own DH encryption keys that Bob has acknowledged receiving (by using it in a Data Message, or failing that, in the AKE). Let key_{A} by that key, and let keyid_{A} be its serial number.
 If the above key is Alice’s most recent key, she generates a new DH key (next_dh), to get the serial number keyid_{A}+1.
 Picks the most recent of Bob’s DH encryption keys that she has received from him (either in a Data Message or in the AKE). Let key_{B} by that key, and let keyid_{B} be its serial number.
 Uses DiffieHellman to compute a shared secret from the two keys key_{A} and key_{B}, and generates the sending AES key, ek, and the sending MAC key, mk, as detailed below.
 Collects any old MAC keys that were used in previous messages, but will never again be used (because their associated DH keys are no longer the most recent ones) into a list, oldmackeys.
 Picks a value of the counter, ctr, so that the triple (key_{A}, key_{B}, ctr) is never the same for more than one Data Message Alice sends to Bob.
 Computes T_{A} = (keyid_{A}, keyid_{B}, next_dh, ctr, AESCTR_{ek,ctr}(msg))
 Sends Bob T_{A}, MAC_{mk}(T_{A}), oldmackeys
Bob:
 Uses DiffieHellman to compute a shared secret from the two keys labelled by keyid_{A} and keyid_{B}, and generates the receiving AES key, ek, and the receiving MAC key, mk, as detailed below. (These will be the same as the keys Alice generated, above.)
 Uses mk to verify MAC_{mk}(T_{A}).
 Uses ek and ctr to decrypt AESCTR_{ek,ctr}(msg).
Do you like advanced mathematics?
So if it’s just a predefined function, surely it can be impersonated?
Socialist Millionaires’ Protocol (SMP)
is one in which two millionaires want to determine if their wealth is equal without disclosing any information about their riches to each other. It is a variant of the Millionaire’s Problem^{[2]}^{[3]} whereby two millionaires wish to compare their riches to determine who has the most wealth without disclosing any information about their riches to each other.
Basically, let’s check to see who you are without disclosing information. Another fun example of maths. Assuming that Alice begins the exchange:
Alice:
 Picks random exponents a_{2} and a_{3}
 Sends Bob g_{2a} = g_{1}^{a2} and g_{3a} = g_{1}^{a3}
Bob:
 Picks random exponents b_{2} and b_{3}
 Computes g_{2b} = g_{1}^{b2} and g_{3b} = g_{1}^{b3}
 Computes g_{2} = g_{2a}^{b2} and g_{3} = g_{3a}^{b3}
 Picks random exponent r
 Computes P_{b} = g_{3}^{r} and Q_{b} = g_{1}^{r} g_{2}^{y}
 Sends Alice g_{2b}, g_{3b}, P_{b} and Q_{b}
Alice:
 Computes g_{2} = g_{2b}^{a2} and g_{3} = g_{3b}^{a3}
 Picks random exponent s
 Computes P_{a} = g_{3}^{s} and Q_{a} = g_{1}^{s} g_{2}^{x}
 Computes R_{a} = (Q_{a} / Q_{b}) ^{a3}
 Sends Bob P_{a}, Q_{a} and R_{a}
Bob:
 Computes R_{b} = (Q_{a} / Q_{b}) ^{b3}
 Computes R_{ab} = R_{a}^{b3}
 Checks whether R_{ab} == (P_{a} / P_{b})
 Sends Alice R_{b}
Alice:
 Computes R_{ab} = R_{b}^{a3}
 Checks whether R_{ab} == (P_{a} / P_{b})
 If everything is done correctly, then R_{ab} should hold the value of (P_{a} / P_{b}) times (g_{2}^{a3b3})^{(x – y)}, which means that the test at the end of the protocol will only succeed if x == y. Further, since g_{2}^{a3b3} is a random number not known to any party, if x is not equal to y, no other information is revealed.
Pretty neat documentation on OTR. Props to them.
Diffie–Hellman key exchange (D–H) – Elaborated for OTR Implementation.
is a method of securely exchanging cryptographic keys over a public channel
Or as I prefer to explain it:
Diffie helman is a mathematical algorithm to exchange a shared secret between two parties. This shared secret can be used to encrypt messages between these two parties.
This “methodology” (its a protocol) is used to “salt” a passphrase (or key). The following implantation on how it works:
The simplest and the original implementation of the protocol uses the multiplicative group of integers modulo p, where p is prime, and g is a primitive root modulo p. These two values are chosen in this way to ensure that the resulting shared secret can take on any value from 1 to p–1. Here is an example of the protocol, with nonsecret values in blue, and secret values in red.
 Alice and Bob agree to use a modulus p = 23 and base g = 5 (which is a primitive root modulo 23).
 Alice chooses a secret integer a = 6, then sends Bob A = g^{a} mod p
 A = 5^{6} mod 23 = 8
 Bob chooses a secret integer b = 15, then sends Alice B = g^{b} mod p
 B = 5^{15} mod 23 = 19
 Alice computes s = B^{a} mod p
 s = 19^{6} mod 23 = 2
 Bob computes s = A^{b} mod p
 s = 8^{15} mod 23 = 2
 Alice and Bob now share a secret (the number 2).
Both Alice and Bob have arrived at the same value s, because, under mod p,
^{}
More specifically,
The following values are then stated:
 g = public (prime) base, known to Alice, Bob, and Eve. g = 5
 p = public (prime) modulus, known to Alice, Bob, and Eve. p = 23
 a = Alice’s private key, known only to Alice. a = 6
 b = Bob’s private key known only to Bob. b = 15
 A = Alice’s public key, known to Alice, Bob, and Eve. A = g^{a} mod p = 8
 B = Bob’s public key, known to Alice, Bob, and Eve. B = g^{b} mod p = 19
This is literally all available on Wikipedia by the way.
It is imperative to understand that DiffieHellman is just a function to compute a shared key, not a full protocol. To actually use it, you need to design a protocol on top of it; OTR actually signs the DH key with its “long term key”.
Perfect Forward Secrecy (PFS)
Again, this is bundled in the OTR implementation. In the simplest form:
PFS is a property of secure communication protocols in which compromise of longterm keys does not compromise past session keys. Forward secrecy protects past sessions against future compromises of secret keys or passwords. If forward secrecy is used, encrypted communications and sessions recorded in the past cannot be retrieved and decrypted should longterm secret keys or passwords be compromised in the future, even if the adversary actively interfered.
To get a better understanding of this, it can be stated that:
A publickey system has the property of forward secrecy if it generates one random secret key per session to complete a key agreement, without using a deterministic algorithm. This means that the compromise of one message cannot compromise others as well, and there is no one secret value whose acquisition would compromise multiple messages.
There are many iterations of this, the current notable method being Double Ratchet.
Basic Understanding = Done.
Now that you’ve got a basic understanding of why it is important to want to encrypt your data, and an example of how this is accomplished, let’s look at your options.
Again this post is about picking an app to secure messaging. It is not intended to go into depth on how encryption works etc.
So, how do we know what to use, and what not to use? Well you could use CryptoCat or an application listed here.
The answer is: whatever application meets your suited requirements. There is no 100% answer to this question.
Personally I use Signal for a few reasons:
 It’s easy to tell people to install;
 Implements OTR Ratchet;
 Curve25519 improvement to DH and;
 It’s just really easy to use.
Thanks!
Make sure you check out my blog post about Fighting For Internet Freedom.
Come visit me on Stack Exchange: