
Subrosa – An encrypted communication platform - carlozt03
https://subrosa.io/
======
Scaevolus
Matasano's "Javascript Cryptography Considered Harmful" is yet again
applicable. [http://matasano.com/articles/javascript-cryptography/](http://matasano.com/articles/javascript-cryptography/)

These statements are mutually exclusive:

End to end encrypted: Nobody, not even us, can read or listen into your
conversations.

Works everywhere: Visit subrosa.io from any computer. No download or install
needed.

~~~
api
Everything this article says is true. That being said, it _also_ applies to
any regular application that can be upgraded automatically or that's upgraded
at all by a third party. Anything you get off an app store can have its code
switched out from under it with minimal and routine or in some cases even _no_
user interaction. All someone has to do is compromise the signing key, which
is probably not that hard in many cases.

~~~
jtheory
Sure; but there's a world of difference between communicating with a webapp
that claims to protect your privacy even from the NSA (but actually cannot)
vs. "any regular application", which makes no such security claims, and from
whom savvy users won't expect that kind of protection.

People with important information to communicate that they must protect from
the powers that be (quite possibly to protect their own lives) will seek out
secure methods; at the same time, the powers they're avoiding will be
targeting secure communication methods.

~~~
tptacek
This application doesn't protect communications from the owners of the
application _under any circumstances_. Forget about the NSA.

------
rubbingalcohol
Unless they're using a browser extension, there's no way a user can trust this
application. It's a web app. At any moment the developer or a malicious third
party with unauthorized server access can remotely modify the JavaScript files
to dump all data in plaintext to the NSA.

------
ctz
"Nobody, not even us, can read or listen into your conversations."

This cannot possibly be true, given they are the root of trust for
establishing the recipient's authentic public key.

Also, minified javascript really does not count as a source code release.

~~~
jtheory
Quite right. If they were compelled -- e.g., "insert this backdoor or we'll
imprison you" -- they might trivially serve up a tweaked version of their
JavaScript to _the one user_ the NSA was interested in.

And it wouldn't take a complicated tweak at all to sneak the real password (or
some sufficient version of it) back to the server, after which point certainly
"even us" can read & listen in to all of that user's conversations.

~~~
danielweber
(Comment moved to today's topic.)

------
Canada
A quick check with Wireshark reveals the use of a VBR codec for audio, so
there's another probable side channel besides the JavaScript-related issues
already discussed.

I don't know much about WebRTC, but I think it's something you can set and
Subrosa should be doing so in app-webrtc.js.
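
One way to request constant-bitrate audio, as an added example that is not part of the thread and not Subrosa's code: it assumes the codec is Opus, whose RFC 7587 SDP parameter `cbr=1` states that the decoder prefers constant bitrate, so it belongs in the SDP each side sends to its peer. The function name and the sample SDP are hypothetical.

```javascript
// Added illustration; not Subrosa's code. Assumes the audio codec is Opus.
function preferConstantBitrate(sdp) {
  const eol = sdp.includes('\r\n') ? '\r\n' : '\n';
  const lines = sdp.split(eol);

  // Collect payload types mapped to Opus, e.g. "a=rtpmap:111 opus/48000/2".
  const opusPts = new Set();
  for (const l of lines) {
    const m = /^a=rtpmap:(\d+) opus\//i.exec(l);
    if (m) opusPts.add(m[1]);
  }

  // Rewrite existing Opus fmtp lines so they carry exactly one cbr=1.
  const hasFmtp = new Set();
  const rewritten = lines.map((l) => {
    const m = /^a=fmtp:(\d+) (.*)$/.exec(l);
    if (!m || !opusPts.has(m[1])) return l;
    hasFmtp.add(m[1]);
    const params = m[2].split(';').map((p) => p.trim())
      .filter((p) => p && !/^cbr=/i.test(p));
    params.push('cbr=1');
    return `a=fmtp:${m[1]} ${params.join(';')}`;
  });

  // Opus payloads with no fmtp line get one directly after their rtpmap line.
  const out = [];
  for (const l of rewritten) {
    out.push(l);
    const m = /^a=rtpmap:(\d+) opus\//i.exec(l);
    if (m && !hasFmtp.has(m[1])) out.push(`a=fmtp:${m[1]} cbr=1`);
  }
  return out.join(eol);
}

// Constructed SDP fragment for illustration.
const SAMPLE_SDP = [
  'm=audio 9 UDP/TLS/RTP/SAVPF 111 0',
  'a=rtpmap:111 opus/48000/2',
  'a=fmtp:111 minptime=10;useinbandfec=1',
  'a=rtpmap:0 PCMU/8000',
].join('\r\n');

console.log(preferConstantBitrate(SAMPLE_SDP));
```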

------
acveilleux
The login protocol requires sending a hash of the key used to decrypt the RSA
key bundle stored server-side. I hope they implemented a constant time compare
for that hash so that verification can't be used to work out the key...
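
A constant-time check of the kind asked for above, as an added example that is not part of the thread and not Subrosa's code: the server compares HMACs of the submitted and stored hashes with `crypto.timingSafeEqual`, next to the naive comparison it replaces. The function names, the 64-character lowercase hex format and the sample value are assumptions.

```javascript
// Added illustration; not Subrosa's code. Names and formats are hypothetical.
const crypto = require('crypto');

// Random per-process key: comparing HMACs of both values means the compared
// bytes are unpredictable to the client and always 32 bytes long.
const COMPARE_KEY = crypto.randomBytes(32);

function mac(buf) {
  return crypto.createHmac('sha256', COMPARE_KEY).update(buf).digest();
}

// Naive check: string comparison may stop at the first differing character,
// so response time can depend on how much of the hash matched.
function verifyNaive(submittedHex, storedHex) {
  return submittedHex === storedHex;
}

// Constant-time check of the login hash sent by the client against the
// value stored alongside the user's encrypted RSA key bundle.
function verifyLoginHash(submittedHex, storedHex) {
  // Assumed wire format: 64 lowercase hex characters (a SHA-256 digest).
  const wellFormed =
    typeof submittedHex === 'string' && /^[0-9a-f]{64}$/.test(submittedHex);
  // A malformed value is swapped for an empty buffer, so it still goes
  // through the same comparison instead of returning early.
  const submitted = Buffer.from(wellFormed ? submittedHex : '', 'hex');
  const stored = Buffer.from(storedHex, 'hex');
  // timingSafeEqual throws on unequal lengths; both MACs are 32 bytes.
  const same = crypto.timingSafeEqual(mac(submitted), mac(stored));
  return wellFormed && same;
}

// Constructed sample: the stored hash for a made-up key.
const SAMPLE_STORED = crypto.createHash('sha256')
  .update('constructed-bundle-key').digest('hex');

function demo() {
  const wrong = crypto.createHash('sha256').update('guess').digest('hex');
  return [
    verifyLoginHash(SAMPLE_STORED, SAMPLE_STORED), // correct hash
    verifyLoginHash(wrong, SAMPLE_STORED),         // wrong hash
    verifyLoginHash('abcd', SAMPLE_STORED),        // malformed, no throw
  ];
}
console.log(demo());
```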

------
danielweber
Why have both "username" and "display name"?

At first I thought it was an extra layer of security, like most online games
have, to discourage username/password bruteforcing. (It's an obscurity layer,
but obscurity layers are not by definition bad.) But you need to tell others
your username to communicate with them.

------
swordswinger12
In the description of the key exchange mechanism (section 'Conversation Keys'
under 'Security') it sounds like they're using one symmetric key for both
directions of a two-way channel. If true, this is a pretty serious security
flaw. Anyone from Subrosa care to comment?

~~~
orthecreedence
Not really, from what I understand. Seems they are exchanging a symmetric key
via RSA to facilitate two-way encrypted communication. This is pretty
standard, browsers do this via TLS.

~~~
ctz
TLS does _not_ use a single symmetric key for bidirectional comms. It
establishes keys per direction.
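
Why the direction of a key matters, as an added example that is not part of the thread and not Subrosa's code: in a scheme that does not otherwise bind the sender into each message, a ciphertext sealed under a single shared key authenticates equally well when handed back to its own sender, while keys derived per direction with HKDF reject it. The labels, function names and sample message are hypothetical.

```javascript
// Added illustration; not Subrosa's code. Names and labels are hypothetical.
const crypto = require('crypto');

// Encrypt and authenticate one message with AES-256-GCM.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Returns the plaintext, or null if authentication fails.
function open(key, msg) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
    d.setAuthTag(msg.tag);
    return Buffer.concat([d.update(msg.ct), d.final()]).toString('utf8');
  } catch (e) {
    return null;
  }
}

// Derive two independent keys from one exchanged secret, one per direction.
function directionKeys(secret) {
  const derive = (label) =>
    Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), label, 32));
  return { aToB: derive('a->b'), bToA: derive('b->a') };
}

// Alice sends a message and the network hands her own ciphertext back to
// her as if it came from Bob. Returns what her receive path outputs.
function reflectedToAlice(sendKey, recvKey) {
  const sent = seal(sendKey, 'transfer approved');
  return open(recvKey, sent);
}

const secret = crypto.randomBytes(32); // constructed stand-in for the exchanged key
const k = directionKeys(secret);

function demo() {
  return {
    singleKey: reflectedToAlice(secret, secret),    // accepted as if from Bob
    perDirection: reflectedToAlice(k.aToB, k.bToA), // authentication fails
  };
}
console.log(demo());
```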

------
carlozt03
I ran this through the SSLlabs SSL Test and it came back with an F. Perhaps an
oversight on their end?

~~~
ceejayoz
Looks like it's because it's vulnerable to the OpenSSL CCS exploit.
[http://ccsinjection.lepidum.co.jp/](http://ccsinjection.lepidum.co.jp/)

A system bragging about security leaving a known, patched hole like this open
isn't a great sign.

------
vsakos
First impression:

- There is no demo, I can only guess that this is a "browser-based skype". I
hate when I can't try it but it's free.

- Open-source, but no git repo?

Btw I had the same idea before (I posted it to an Idea Sunday thread) but I
dropped the idea because I realized that no one needs this level of security,
NSA is not interested in your chat with family and friends...

~~~
phibit
"There is no demo" -- just make an account quickly and try it out. I did this
and it was easy.

"Open-source, but no git repo" -- Open-source does not always entail git or
Github.

"I dropped the idea because I realized that no one needs this level of
security, NSA is not interested in your chat with family and friends..." --
I'm glad you dropped the idea because someone who doesn't understand why
privacy is important shouldn't be making privacy applications. The NSA doesn't
care about your chat with family and friends, until suddenly they DO start
caring and everything you've said can be manipulated and transformed against
you, whether your conversations were innocent or not.

~~~
vsakos
I know it can be open source without git, but GitHub gives a lot of benefits.

Also as I understood, you don't have Facebook, Twitter, Skype, Google, Outlook,
YouTube, and even HN account because NSA could one day transform everything
against you?!

~~~
orthecreedence
Possible scenario: you are chatting with a friend about how you bought bitcoin
at 300 and sold at 500, making 6000USD on the trade. Your money is in an
offshore exchange. Next year, you receive a bill from the IRS wanting their
cut of the $6000. How did they know? You never pulled out your money.

Well, the NSA gave them a tip.

Now imagine you're running for public office and your opponents will pay top
dollar for dirt on you. Imagine that one day you're at odds with your
government and they'll use every piece of information they can to prosecute
you.

Privacy from one's government and those who control/buy into it is something
that nobody needs _until they do_.

That doesn't mean you can't have a public life as well. But why give out more
than you need to?

~~~
josho
I like your example, but it is also why a lot of folks don't care so much
about privacy. I.e., in the scenario there was an illegal hiding of revenue from
the IRS. The privacy infringement simply corrected a wrong. So, for many folks
they remain unconvinced because they aren't doing anything wrong, so they feel
they have nothing to hide, and don't take issue.

Perhaps, a better scenario is that you are chatting with a fellow entrepreneur
about bitcoin, a short while later they are charged by the IRS for tax
evasion. Meanwhile, your conversation with them on the subject is discovered
through the NSA machinery and is used to kick off an investigation against
you.

I wish I had a better example, as that would serve us well to educate folks on
the value of privacy. I'm writing in part that someone has a better example to
share.

~~~
orthecreedence
You're right, it's a tricky line to walk.

When not citing technology-focused issues, I like to use the bathroom example:
"Would you use a public bathroom with glass walls?" It illustrates the
difference between _covering up wrongdoing_ and _need for personal privacy_,
two entirely different things.

