[guardian-dev] CyanogenMod 11 bundling TextSecure

Aaron Lux a at AaronLux.com
Fri Dec 20 16:31:44 EST 2013 

A big problem for CyanogonMod is I don't see how they don't select
another app since TextSecure has bundled encryption with
authentication.  I think encryption and authentication should be
separated so CyanogenMod users have the choice to authenticate other
media streams or not authenticate it all if they're trying to reduce
metadata.  A very high-level overview of my approach to separating these
would be to hack the open source Google Authenticator so both caller and
callee have the same random number regenerated every minute.  For
simplicities sake let's just say both users have already shared their
private keys and the hacked Google Authenticator gives the random code
9458 2304...  When Caller calls/texts/emails/videos/etc Callee and signs
with gives the code 9458 and callee replies with 2304.  Now the Caller
and Callee has the freedom to authenticate any message, using any app,
encrypted or unencrypted.

Hopefully it makes sense. Questions appreciated.
A

http://code.google.com/p/google-authenticator/

On 12/20/2013 02:41 PM, Lee Azzarello wrote:
> I assume Moxie is positioning himself as the primary candidate to
> provide voice services via RedPhone. This will be an interesting play
> if it happens since the RedPhone backend is proprietary and cannot
> federate to other VoIP providers. That might not be a problem for the
> majority of the user base but it doesn't differentiate RedPhone from
> Google Hangouts, FB Chat or Skype.
>
> I think a high priority project for interop could be a Kamailio module
> that acts as a gateway between the RedPhone signaling protocol and the
> subset of SIP that's required for basic secure calling between two
> parties. I wrote up a proposal for his winter surf trip / hack week
> but didn't submit it due to the requirements of producing functional
> software in one week in such a rad/distracting environment. The
> suggestions were leaning more to UI design and client side app work
> anyway.
>
> -lee
>
> On Fri, Dec 20, 2013 at 2:50 PM, Aaron Lux <a at aaronlux.com> wrote:
>> How long before CyanogenMod users ask for secure voice now that they have
>> secure text?
>> https://whispersystems.org/blog/cyanogen-integration/
>> _______________________________________________
>> Guardian-dev mailing list
>>
>> Post: Guardian-dev at lists.mayfirst.org
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>
>> To Unsubscribe
>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>         Or visit:
>> https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info
>>
>> You are subscribed as: lee at guardianproject.info
>>

More information about the Guardian-dev mailing list