![]() ![]() The service let users who have verified themselves with their public encryption key securely chat with other users in February but expanded the chat to other apps via a Chrome browser extension in May. The company released an alpha version of Slack-like team messaging tool, Keybase Teams, last week. Encryption experts applauded the move at the time but said that extra steps also need to be taken to ensure “civic” infrastructure is equally protected.Īnother encryption service, the public key crypto database Keybase brought end-to-end encrypted messaging to apps such as Twitter, Facebook, and Reddit earlier this year. Ron Wyden (D-Ore.) penned a letter (.PDF) to Frank Larkin, the Senate’s Sergeant at Arms, thanking his office for approving the app. Approval to use the app was officially granted back in March but came to light in May after Sen. Senate approved usage of Signal for lawmakers and staff in the chamber. The news that Signal is working to make itself more privacy-focused comes as popularity over encrypted chat apps such as Signal and WhatsApp has reached somewhat of a fever pitch.Įarlier this spring the U.S. Marlinspike says that Signal plans to deploy the service into production and integrate it into clients once developers finish testing it over the next few months. The service is still in its infancy but Marlinspike calls it not only efficient but scalable, up to more than a billion users.Īs the technology is still in the early stages, Open Whisper Systems has made the contact discovery service open source and put its code on GitHub in hopes of soliciting public opinion. The client transmits encrypted contact identifiers from a user’s address book to the enclave, then the enclave looks those up from a set of registered users, encrypts the results, and sends them back to the client. ![]() A secure connection initiates and clients perform something called remote attestation-a feature that cryptographically guarantees the code is running in a remote enclave. Signal’s servers can’t and won’t collect hashes. With the new system, which Marlinspike says is still in beta mode, the contact discovery service runs in a secure SGX enclave. Marlinspike says the inherent danger in doing it this way is that the hash of a user identifier can be inverted. ![]() It tabulates the truncated SHA256 hash of each phone number, transmits those to Signal, then Signal does a lookup from that set of hashed users to find legitimate users. Signal has always gone about this in a complicated but relatively secure way. The technology should help settle the nerves of privacy-conscious individuals who have long disliked the idea of Signal accessing their contact list to look for Signal users. According to Marlinspike the SGX enclave can be tweaked to run on the server and reversed to afford a service the ability to “perform computations on encrypted client data without learning the content of the data or the result of the computation.” The technology was initially designed for DRM and fashions a secure enclave of sorts inside the processor, separate from the host operating system and the kernel. Moxie Marlinspike, the founder of OWS and the coauthor of the Signal protocol, said Tuesday the company is experimenting with a feature in Intel chips called Software Guard Extensions, or SGX, to do so. Open Whisper Systems, the company behind the encrypted messaging app Signal, is testing a new private contact discovery service that in theory will allow the app to determine if a user has Signal contacts in their address book but forbid its servers from accessing the users’ address book. ![]()
0 Comments
Leave a Reply. |