

WhisperPush: Secure Messaging Integration - alsutton010203
http://www.cyanogenmod.org/blog/whisperpush-secure-messaging-integration

======
conorgil145
Very neat indeed. Integrating at a low level like that is an excellent plan
for a good user experience.

Without diving into the code they link to, I wonder how it falls back to
normal SMS for clients which are not using CM/TextSecure. They couldn't just
send it encrypted in case the receiving client doesn't support that. So, they
must negotiate which version to send (encrypted vs unencrypted). Apparently,
this handshake/negotiation works with regular SMS. Anyone have any insight?

Also, I think it is important to note that the SMS messages are only encrypted
in transit and not at rest. I believe this to be the case because the article
says that I can use any SMS client I want. Also, encryption at rest would kill
searchability, back-up/transfer to new device, etc.

Edit: I didn't mean to imply that encryption during transit is anything to
scoff at. It is quite excellent compared to what people have now, which is no
protection at all!

~~~
conorgil145
I found the spec from another HN thread:
[https://github.com/WhisperSystems/TextSecure/wiki/ProtocolV2](https://github.com/WhisperSystems/TextSecure/wiki/ProtocolV2)

Related HN thread:
[https://news.ycombinator.com/item?id=6876165](https://news.ycombinator.com/item?id=6876165)

