
How Secure is TextSecure? - kushti
http://eprint.iacr.org/2014/904
======
AdmiralAsshat
Seems pretty good overall. The only primary bullet point to "fail" was here:

 _> In conclusion, TEXTSECURE only achieves deniability theoretically. Content
deniability is provided due to our security proof but we can not prove that no
delivery request will be recorded at the TEXTSECURE server._

~~~
verytrivial
I would like to see a tool, perhaps even a companion app, that does this HMAC
gymnastics to prior discussions to make deniability _actually_ plausible
instead of just theoretically plausible.

"Your honor, the defendant is clearly not Moxie Marlinspike. She said these
things." "Objection! My grandmother can use _Axylnotly_ to forge previous
discussion and she is also not Moxie Marlinspike." " ... sustained."

------
cakeface
> Furthermore, we formally prove that - if key registration is assumed to be
> secure - TextSecure's push messaging can indeed achieve most of the claimed
> security goals.

------
mtgx
I assume this was posted now because of this:

> Date: received 31 Oct 2014, last revised 5 Apr 2016

~~~
privong
Unsurprisingly, this was discussed before on HN[0], nearly 2 years ago. It
would be interesting if an expert could summarize what has changed.

[0]
[https://news.ycombinator.com/item?id=8544814](https://news.ycombinator.com/item?id=8544814)

------
atenorio
The mayor issue IMHO is the dependency to Google Cloud Messenger as the only
available push notification system for android devices and its dependency to
Google Play store. I believe an actor as powerfull as Google can detect
paterns and learn from the notifications it handles even if the text is
encrypted.

------
noja
[https://www.eff.org/secure-messaging-scorecard](https://www.eff.org/secure-
messaging-scorecard)

~~~
tptacek
This thing is not good, and I strongly recommend against making decisions
based on it.

~~~
Throwaway23412
Elaborate please? (I'm not as well versed in security as I would like.)

~~~
tprynn
Here's a quote from a post I enjoyed
([https://www.elttam.com.au/blog/a-review-of-the-eff-secure-
me...](https://www.elttam.com.au/blog/a-review-of-the-eff-secure-messaging-
scorecard-pt1/)):

> This type of score card drastically simplifies the problem domain, and leads
> one to question what the tradeoffs are when installing an application from
> the list. While the advocacy of privacy based communication is something we
> love to see reach a mainstream audience, we believe the scorecard misses
> many considerations and metrics that are critical to the discussion.

To quote myself:

> The EFF score card is an embarrassment which is essentially equivalent to
> one of those "comparison table of our competitors" on a SaaS website. That's
> a good analogy for it, because it uses the same questionable metrics and
> even more questionable ranking system that one of those tables would use.
> The score card gives Signal the same ranking as Cryptocat - that's an
> instant negative result for its usefulness.

------
jrcii
I've expended 0 effort to find the answer to this myself, but I wonder if this
is based on the OTR protocol, and if not, why not.

~~~
yourcelf
The TextSecure protocol is now named the "Signal Protocol"; it's developed by
Open Whisper Systems. It is the protocol used by the Signal app on Android and
iPhone, and as of this week, also used by WhatsApp.

Here is an older post where the authors of the protocol explain why not OTR:
[https://whispersystems.org/blog/advanced-
ratcheting/](https://whispersystems.org/blog/advanced-ratcheting/)

The main takeaway: text messaging, unlike traditional instant messaging, is
primarily asynchronous with long-lived sessions, where traditional instant
messaging is primarily synchronous with short-lived sessions.

~~~
sp332
The protocol used to be called Axolotl, if you want to search for older
discussions and research on it.

~~~
cyphar
The crypto primitives they use are called Axolotl as a group. Axolotl is to
signal what RSA is to TLS.

~~~
tptacek
The Axolotl construction was invented for Signal Protocol, which was itself
originally called "Axolotl".

