Domain: whispersys.com
Stories and comments across the archive that link to whispersys.com.
Comments · 22
-
RedPhone?
I wish someone would write a credibly-strong voice/data encryption/scrambling smartphone app.
What about RedPhone?
-
Does it encrypt REAL phone calls?
While it is nice for someone to be making an easy-to-use all-in-one encryption app, the real question for me is this:
Does it encrypt phone calls; real, phone-to-phone, no-VoIP phone calls.There are already several solutions out there for encrypted VoIP. Even a free, open-source general-purpose Android SIP client CSipSimple supports ZRTP for key exchange (or 'of course' a free, open-source
...)
However, I have not found a single app (and indeed only a few specialised devices) to actually make encrypted phone calls without using VoIP, and none that have made encrypted phone calls over GSM voice. A few people have talked about phone call encryption over GSM voice (e.g. at DEFCON) and there are many papers on the topic of data-over-GSM-voice), but I haven't yet seen it implemented. If this *does* implement it, *then* I'll be pumped.On the SMS front, there is already TextSecure for sending encrypted SMS, and all the key exchange is handled through SMS (and perhaps MMS? I believe only SMS). Mind you, Moxie Marlinspike hasn't released the source for it (and it is now owned by Twitter, so we'll probably never see it).
-
I thought 'Whisper Systems' when I saw this post
This may or may not be what you're looking for... not all of their offerings appear to be open source.
-
Whisper Systems
Whisper Systems is still in beta, but is free.
-
Re:Passcode
There is not yet a way to do full disk encryption that I know of.
How about WhisperCore?
-
Re:Passcode
I wonder how something like this would stand up to a fully encrypted phone with something like this, though: http://www.whispersys.com/whispercore.html
-
Re:Not the only way to break the pattern lock
Whisper Systems "smudgelock" prevention tool:
-
Re:Out of their minds?
The main thing that bugs me really is the busted ass HTC clock/alarm clock app. Since it syncs time based on, my best guess, a keyword search on the city name of the network egress point it sees you coming from, they seem to tend to end up in the wrong timezones every now and then. That's pretty convenient. Oh, and when using an AirRave it thinks I'm in Red Hook, NY. I'm guessing it
/means/ Red Hook, NJ, which is still nowhere near where I live.
Aside from that, adding hackers keyboard, K9 Mail and TextSecure seems to add most of what I need. The UI fluff that Palm did really well is missed, but not essential. Plus, on the palm I couldn't easily set up an SSH tunnel and then VNC over it to firewalled machines. I just stumbled across that and it's a huge point in the HTC column. However, certificate management was hugely easier on the Pre. -
Re:I don't...
Exactly.
I do keep sensitive data on my phone and in Google's cloud. That's why I use Android, after all. My phone is either in my belt or in my hand all the time. I don't put it down except when asleep in my bed, and when I'm asleep in my bed there aren't friends of friends present.What about recharging, you say? I have four batteries, one in the phone, one in the charger, two spare, usually fully charged. I shall investigate WhisperCore, but the fundamental security is physical security. Never lose the device.
-
Whispercore
This looks like exactly what you want. It warns that its in beta, though, so I'm not sure how well I would trust it. Seems like better than nothing.Says it does full encryption of the entire system, optionally your SD card, as well as optional firewall for your phone. Wouldn't rely on it without backups, but it should work. Also, you could look at a system that keeps passwords off your actual phone, like LastPass does. Not sure how well it works with Android, but I'd look into it.
Also, Honeycomb supposedly offers device-level encryption link), so if you can wait for that on phones, that'd work too.
-
Re:GNU VoIP
-
Take another look with your glasses on...
There's one area in which iOS/Android cannot even touch the BlackBerry - security.
You're right. Google nor Apple, to my knowledge, has yet to sell me on "unbreakable" encryption and then turned around and made a deal with a foreign government to provide the tools to break said unbreakable encryption. Yep, my DroidX can't touch that. Well, I can call using RedPhone, and completely encrypt my voice calls, use Orbot (Tor) to anonymize and onion route my phone's communications, and I can use any number of private crypto messengers.
Oh wait, did I mention that the folks at Whispersys.com (makers of RedPhone) also make WhisperCore 0.2? From the link: "Device and data security for Android. WhisperCore integrates with the underlying Android OS to protect everything you keep on your phone. This initial beta tech-demo features full disk encryption and basic platform management tools for Nexus S phones. WhisperCore presents a simple and unobstrusive interface to users, while providing powerful security and management APIs for developers."
So... what were you saying about BlackBerry faux-security again?
-
Full Disk Encryption for Nexus S / One
If you have a Nexus phone, WhisperCore is probably worth investigating:
-
Re:Traditional VPN?
Although if you can get the people you really want to talk to elsewhere on board, you could use RedPhone. Not what the question is asking, but another way to help.
-
Re:Moxie Marlinspike and Whisper Systems
Consider giving Whisper Systems "TextSecure" and "RedPhone" applications a try. I have had good luck with them. I don't know if they have been ported to S60 yet.
From Whisper Systems FAQ:
"10. Does RedPhone support international numbers? For the initial Beta, RedPhone is unfortunately US-only. We will be adding international calling support in the near future. "
-
Moxie Marlinspike and Whisper Systems
Consider giving Whisper Systems "TextSecure" and "RedPhone" applications a try. I have had good luck with them. I don't know if they have been ported to S60 yet.
-
Encrypted texting on Android
I use TextSecure by Whisper Systems for text messaging. It's currently in beta, but secure sessions are easy to set up, and the whole application, in general, is working out quite well for me. Better than the stock messaging application in CyanogenMod, at least.
-
TextSecure
This looks like a good reason to use TextSecure if you have an android phone. Texts are stored encrypted on your phone, and if both sender and receiver are using it, texts are transmitted in encrypted form as well.
-
Re:End-to-end encryption
Are there any Off-the-record supporting Apps for Android ? (And perhaps for iPhone, although I doubt that Apple will green-light one)
Absolutely. Moxie Marlinspike of thoughtcrime.org has made precisely that, in the form of TextSecure (crypto info here). He's also got a VOIP app that uses Phil Zimmerman's ZRTP protocol.
-
Re:End-to-end encryption
Are there any Off-the-record supporting Apps for Android ? (And perhaps for iPhone, although I doubt that Apple will green-light one)
Absolutely. Moxie Marlinspike of thoughtcrime.org has made precisely that, in the form of TextSecure (crypto info here). He's also got a VOIP app that uses Phil Zimmerman's ZRTP protocol.
-
Time to use encryption.
http://www.whispersys.com/
http://www.cypherpunks.ca/otr/
http://www.gpg4win.org/Encrypt your text. Authenticate your text via digital signature. Avoid all contact with minors or strange individuals who cannot or will not encrypt or authenticate their communications.
-
Useless
Encrypted voice is US only, so that's no good for the rest of the world. Also, searching for TextSecure on Market doesn't yield any results on my Android 1.5 device (although the FAQ claims it works on all versions of Android), though 2.2 is fine. Sending encrypted texts to myself didn't work either, it says "Bad encrypted message..." but that might just be me doing something wrong.