[guardian-dev] Silent Circle Source

Abel Luck abel at guardianproject.info
Mon Nov 12 15:08:39 EST 2012


Abel Luck:
> it's coming... https://github.com/SilentCircle
> 
> (some of it at least)


Just casually browsing the repo [1], here are some initial observations:

* it looks like this is their XMPP client for iOS / OSX and supporting C
libs
* it's BSD 3-clause licensed [2]
* uses its own messaging protocol on top of XMPP (Silent Circle Instant
Messaging Protocol aka SCimp) [3] (note, this is not OTR)
* doesn't appear to support user-to-user authentication, but supports
some sort of ZRTP-like Short Authentication String [4]

Something worrying is that the SAS seems to be designed to be exchanged
in-band.

That is, the users type the SAS to each other to ensure it is identical,
but if you're being MITMed that won't do you much good (remember SAS is
to detect MITM).

According to their site [5] they use push notifications for background
messaging.

Would be awesome if an iOS / obj-c developer could examine it further
(Chris?).

~abel


[1]: https://github.com/SilentCircle/silent-text
[2]: https://github.com/SilentCircle/silent-text/blob/master/PROJECT%20README
[3]: https://github.com/SilentCircle/silent-text/blob/master/SilentChat/SilentChat/SilentChat/SCPP/XMPPSilentCircle/XMPPSilentCircle.h
[4]: https://github.com/SilentCircle/silent-text/blob/master/SilentChat/SilentChat/SilentChat/App/ConversationManager.m#L814
[5]: https://silentcircle.com/web/faq/
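
The concern about in-band SAS comparison raised in the message above, as a toy model added to this archive page (not part of the original message and not Silent Circle's code). The group parameters, the key labels and the `sas` derivation are assumptions for illustration and do not reflect how SCimp actually derives its SAS.

```python
import hashlib

# Toy Diffie-Hellman group, constructed for illustration; far too small for real use.
P = 2**127 - 1
G = 3

def priv(label: str) -> int:
    """Deterministic constructed private key so the demo is reproducible."""
    return int.from_bytes(hashlib.sha256(label.encode()).digest(), "big") % (P - 2) + 1

def sas(shared: int) -> str:
    """Assumed SAS: first 8 hex digits of SHA-256 over the shared secret."""
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()[:8]

def session(mitm: bool):
    """Return (SAS Alice sees, SAS Bob sees, rewrite table held by an interceptor)."""
    a, b, m = priv("alice"), priv("bob"), priv("mallory")
    if not mitm:
        k = pow(pow(G, b, P), a, P)
        return sas(k), sas(k), {}
    # The interceptor's public value replaces the peer's in both directions,
    # so each user shares a different key with the interceptor, not with each other.
    m_pub = pow(G, m, P)
    sas_a, sas_b = sas(pow(m_pub, a, P)), sas(pow(m_pub, b, P))
    return sas_a, sas_b, {sas_a: sas_b, sas_b: sas_a}

def in_band_check(mitm: bool) -> bool:
    """Alice types her SAS into the chat itself; Bob compares it with his own."""
    sas_a, sas_b, rewrite = session(mitm)
    # Whoever holds both session keys decrypts, edits and re-encrypts the message.
    delivered = rewrite.get(sas_a, sas_a)
    return delivered == sas_b

def out_of_band_check(mitm: bool) -> bool:
    """The SAS is compared over a channel the interceptor cannot modify."""
    sas_a, sas_b, _ = session(mitm)
    return sas_a == sas_b

if __name__ == "__main__":
    for mitm in (False, True):
        print(f"mitm={mitm}: in-band match={in_band_check(mitm)}, "
              f"out-of-band match={out_of_band_check(mitm)}")
```

The in-band comparison reports a match with and without interception, so it carries no information; only the comparison made outside the intercepted channel exposes the mismatch.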

