
Ask HN: What's the most secure communications method today? - JamesAdir
Assuming that I can exchange keys of some sort (physical, digital) with the other contact.
======
adrianN
What's your threat model? If you don't care about metadata and you can
exchange keys, use some form of symmetric encryption. If you care about
metadata then things are a lot more complicated.

But if you can assume that you have a secure channel for exchanging keys, you
can just use that channel for communication.

~~~
Retric
There are latency issues. Suppose you meet up once to exchange CDs full of
random data 20 years ago.

Now you can exchange messages with newspaper ads secure in the knowledge
nobody can eavesdrop even though your secure communication happened 30 years
ago. Granted, this is limited to low bandwidth text, but you can leverage this
for key exchange if you happen to trust some other form of crypto.

~~~
Tinyyy
Of course, given that the CDs are kept securely or promptly destroyed upon
use.

------
anikain
One time pad. Without the original key, the message could literally be
anything. There's no way to analyze the text at all.

~~~
eeZah7Ux
Not again!

Your OTP is extremely sensitive to the quality of randomness and requires a
lot of it - which makes things very difficult.

It provides no authenticity and integrity or at least proof of tampering.

It does not protect from message reordering and capture+retransmission.

It obviously leaks metadata in a real-world usage: sender, receiver, msg
length, time of message.

~~~
falcolas
All of these problems are present with any pure encryption method. That's why
authentication hashes, message ids, high quality randomness sources, and so
forth exist. OTP can use these just as well as any other encryption method.

~~~
irundebian
What do you mean by "pure encryption method"? No one (no smart people) uses
AES purely, but of course in some mode of operation such as GCM which provides
integrity.

------
hnarn
If you want it to not only be the most secure, where the answer in my opinion
is symmetric encryption, but also the easiest to use, I would say using the
app "Signal" on a smartphone. As long as you're able to meet afk and you can
verify the safety number between the two phones, you should be good to go.
Disappearing messages add another layer of security.

I'm sure there are ways that are more secure in terms of encryption strength
and opsec, but in the real world most people you want to communicate with
aren't savvy enough for most "truly secure" setups to be realistic.

~~~
zulln
What I dislike the most about Signal is the need for a phone number though.
Yes, I understand I could register with a temporary phone number but that
still is not good enough.

~~~
hnarn
Surely most smartphones will have a phone number anyway, no? It doesn't have
to be connected to you personally and it's a good way to keep illegitimate
Signal registrations down.

------
Jaruzel
The most secure conversation is the one you don't have to have.

~~~
dom0
The standard answer: Want to talk about something that could compromise you or
the company? Well, don't talk about it.

------
Fox8
Signal, Wire, Privus SecurLine, Riot (Matrix), Threema are good candidates for
audio and text secure communications.

Some leak metadata, some have countermeasures like not using one's phone
number (SecurLine and Threema) or using fixed bitrate for audio calls (Signal,
Wire, SecurLine).

If you want privacy and trust, choose a solution whose source code you can
audit and that is verified by a third-party auditor.

------
Tepix
Does a one time pad qualify for what you defined as "key exchange"?

One time pads are proven to be perfectly safe as long as they are used
correctly (read the first paragraph of the Wikipedia page at
[https://en.wikipedia.org/wiki/One-time_pad](https://en.wikipedia.org/wiki/One-time_pad))

~~~
heinrich5991
If you want to avoid metadata, you need more than one-time pads.

------
kobeya
For what purpose? There are many trade offs to consider. Do you want
repudiation? Do you need group messaging? Synchronous or asynchronous? Etc.

------
perlgeek
Define secure. Is leakage of meta data (who communicated with whom, when, and
what size of data was exchanged) relevant? Or just the content? Is reliability
of delivery part of "secure"?

------
mr51m0n
Threema? [https://threema.ch/en](https://threema.ch/en)

------
uoaei
The process of exchanging keys will theoretically leak metadata unless you
already have an established secure line. In which case you will not need to
open a new one, defeating the purpose.

Anyway, the most secure method of communication would be to leave all
electronic devices somewhere far away and ideally locked in a solid metal box,
then meeting in person somewhere where surveillance is hard or impossible. In
the ideal case this will obfuscate all metadata including sender and receiver,
unless someone happens to see you travelling to or away from the meeting
place.

------
lmm
For letter-like communications GPG is fully open-source, has gone through the
fire of decades of use, and if you believe the Snowden leaks then even the NSA
can't break it. If you're serious about security use it via something like
Tails - keep the thing you boot from on you at all times, and never let
plaintext leave your securely-booted system.

For OTR-style messages I'd find a fully open-source messenger that uses an
Axolotl-like protocol - i.e. OMEMO (Conversations/ChatSecure) or Riot/Matrix.

~~~
codewritinfool
The problem with GPG and the like is that the assumption is made that the end
platforms are secure (where the message is generated or read). They are not.

~~~
lmm
That's true for almost all cryptosystems. I mentioned Tails which is pretty
much the state of the art as far as securing the endpoint goes.

------
therealmarv
[https://vuvuzela.io/](https://vuvuzela.io/) - Private messaging system that
hides metadata

------
Frenchgeek
Face to face in a SCIF?

~~~
anotheryou
I'd say going for a walk without phones in a noisy place is good. Any fixed
facility can easily be bugged.

Cameras are harder to hide, so handing over some folded paper that you wrote
on in private will be even easier. Just burn after reading :)

~~~
crottypeter
A noisy place might not give the protection it appears to...
[https://en.wikipedia.org/wiki/Microphone_array](https://en.wikipedia.org/wiki/Microphone_array)

~~~
anotheryou
Yes, the movement part is more important and to go somewhere you are not
expected. These arrays are indeed scary:
[https://youtu.be/bgz7Cx-qSFw?t=3](https://youtu.be/bgz7Cx-qSFw?t=3)

------
nottorp
One time pads (with good randomness) delivered by armed couriers. Sorry for
the non technical answer ;)

------
koehr
This really depends on who you are and from what you are hiding:

1) Communication between non-targeted (unimportant) individuals hiding
information from:

1.1) other individuals or non-governmental institutions

1.2) governments or GOs

2) Communication with targeted (important) individuals hiding information
from:

2.1) other individuals or non-governmental institutions that target you

2.2) governments or GOs

The first one is the easier one as expected:

1.1) Individuals want to secretly share information without someone else
noticing. "Someone else" can be another person, family, friends, a teacher,
colleagues or their boss.

Important here is, that the person to hide the information from doesn't target
you. This makes it VERY easy because the person doesn't necessarily expect any
secrets to be exchanged.

Simple chat apps do here. Telegram and others support self destroying
messages.

1.2) Individuals want to secretly share information without being
(potentially) tracked by the government. They are part of the grey mass of
"normal citizens".

As long as you or your partner are not actively watched by a government,
things can still be relatively easy. Standard apps (eg WhatsApp, Telegram)
might be even enough. Mass surveillance might be a problem though (in China,
Iran or the US for example) so to be on the safe side, better use non-standard
software that is decentralised and uses hard encryption and something like
Off-The-Record messaging. Good and mature candidates would be of course XMPP
(aka Jabber) with OMEMO or the newer Matrix protocol.

2.1) Individuals want to hide information from someone who knows or suspects
that they do it:

As soon as you or your communication partner is targeted, things get a lot
harder. Now not only the information itself needs to be encrypted (good old
rubber hose decryption works against the best encryption methods). Other
individuals usually don't have sophisticated surveillance methods, so it
should still be relatively easy. Important is, that meta-information (who
communicated with whom at what time, etc) needs to be secret, too. As soon as
the one who suspects you to secretly share information knows that you did,
they will ask questions. Better they don't have anything at hand to do so.

Plausible deniability is the keyword. Off-the-record messaging provides this
but is of no use if you keep the chat logs or be seen. Even the contact in
your phone could be suspicious enough. Better use a dedicated system or
memorise the contact information and only use it without saving it. Never ever
communicate while the watching person could see it.

2.2) Governments or governmental organisations watch you:

Now this is the hard part. Hiding from a government that watches you and/or
your communication is REALLY HARD. Don't be fooled by advertised end-to-end
encryption and public lawsuits of companies trying to defend their users'
privacy.

You have no idea what GOs are capable of which is why you need to implement
measures even against unknown attack vectors.

The best you can do is to hide your communication traces by following at least
the following rules:

* Never use something that leaves a trace of personal information. Use pre-registered SIM cards or internet cafes in different cities. Always use public proxies, TOR, everything.

* Use asynchronous communication: Leave an encrypted blob somewhere in the void of the internet without any receiver. The receiver needs to be potentially everyone but of course nobody except the receiver can be able to read the message.

* Use disposable keys. Hide signatures but never forget to use them! A cryptographically secure signature is the only way for the receiver to be sure that it is really your message and nothing intercepted or faked. But the signature needs to be hidden inside the unreadable crypto-blob.

Phew… that was a long one. But I hope it gives you and the interested reader
some insights.

Some links to kick-off the research:

[https://en.wikipedia.org/wiki/Off-the-Record_Messaging](https://en.wikipedia.org/wiki/Off-the-Record_Messaging)

[https://en.wikipedia.org/wiki/OMEMO](https://en.wikipedia.org/wiki/OMEMO)

[https://staltz.com/an-off-grid-social-network.html](https://staltz.com/an-off-grid-social-network.html)

[https://en.wikipedia.org/wiki/Matrix_(communication_protocol...](https://en.wikipedia.org/wiki/Matrix_\(communication_protocol\))

[https://en.wikipedia.org/wiki/Public-key_cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography)

------
toanant
Consider using [https://keybase.io](https://keybase.io), they have recently
added a chat feature as well to their app.

~~~
dsacco
Keybase Chat doesn't feature forward secrecy.

------
irundebian
Is there something like a state of the art one time pad implementation which
provides integrity and other security properties which are lacking with pure
OTP?
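
The question above, and the earlier sub-thread on what a bare one-time pad lacks (integrity, protection against reordering and capture+retransmission), worked through as an added example that is not any poster's code. Assumptions: the `PadEndpoint` class, the packet layout (8-byte pad offset, ciphertext, tag) and the use of HMAC-SHA256 keyed with fresh pad bytes are choices made here; HMAC makes the integrity guarantee computational rather than information-theoretic, and each direction needs its own pad.

```python
import hashlib
import hmac

MAC_KEY_LEN = 32  # pad bytes spent per message on a one-time MAC key
TAG_LEN = 32      # HMAC-SHA256 tag size
HDR_LEN = 8       # big-endian pad offset, doubles as message id

class Rejected(Exception):
    """Packet failed the ordering or integrity check, or the pad ran out."""

class PadEndpoint:
    """One side of a one-directional channel; both sides hold the same pad."""
    def __init__(self, pad: bytes):
        self.pad = pad
        self.next_offset = 0  # first pad byte not yet consumed

    def _take(self, offset: int, n: int) -> bytes:
        if offset + n > len(self.pad):
            raise Rejected("pad exhausted; pad bytes are never reused")
        return self.pad[offset:offset + n]

    def seal(self, plaintext: bytes) -> bytes:
        off = self.next_offset
        mac_key = self._take(off, MAC_KEY_LEN)
        stream = self._take(off + MAC_KEY_LEN, len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, stream))
        header = off.to_bytes(HDR_LEN, "big")
        tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
        self.next_offset = off + MAC_KEY_LEN + len(plaintext)
        return header + ct + tag  # length and timing remain visible

    def open(self, packet: bytes) -> bytes:
        if len(packet) < HDR_LEN + TAG_LEN:
            raise Rejected("truncated packet")
        header, ct, tag = packet[:HDR_LEN], packet[HDR_LEN:-TAG_LEN], packet[-TAG_LEN:]
        off = int.from_bytes(header, "big")
        if off != self.next_offset:  # replayed, reordered or dropped
            raise Rejected("unexpected pad offset")
        mac_key = self._take(off, MAC_KEY_LEN)
        want = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):  # any bit flip lands here
            raise Rejected("bad tag")
        stream = self._take(off + MAC_KEY_LEN, len(ct))
        self.next_offset = off + MAC_KEY_LEN + len(ct)
        return bytes(c ^ k for c, k in zip(ct, stream))
```

A rejected packet leaves `next_offset` untouched, so the receiver can still accept the genuine next message afterwards.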

------
1ba9115454
Secure messaging on a blockchain. Due to the fact you no longer have to trust a
3rd party.

If you choose the Bitcoin blockchain then you can send your encrypted data and
no-one will know who decrypted it due to the P2P nature of the network. Every
node receives every message.

Example.

AES encrypt your message with a key you both know.

Add it to the message field of a bitcoin transaction.

The person at the other end decrypts any transaction they find with a message
until they find one which does decrypt with that key.

For more security you can hide the message in the content of the transaction.
i.e. the public keys you pay to.

~~~
jwalton
> no-one will know who decrypted it

> Every node receives every message.

Neither one of these strikes me as desirable characteristics of a secure
messaging system. I can see the advantage in a third party not being able to
tell who received a message, but in a perfect world as the sender I'd like to
know that only my intended recipient received it, which is the opposite of
what's going to happen with the block chain.

Also, to encrypt with AES you need to pick a key length, and since your
message is going to everyone in the world, you need to pick a key that is both
impractical to break using today's technology, but using all future technology
for as long as your secret remains relevant. If AES is ever broken, then all
bets are off.

If you have a chance to exchange keys of unlimited length ahead of time, then
you could use a one time pad and message over the block chain. This would be
secure, but then if you have a OTP, almost any message channel you pick is
going to be secure. Someone else in this conversation recommended using
newspaper ads.

~~~
1ba9115454
> no-one will know who decrypted it

This is useful when you want to send a message but you don't want anyone to
know who you were sending to. It's a form of obfuscation.

------
zero_one_one
Can you also assume absolute trust with the party you are communicating with?

------
miguelrochefort
The risk with communication is not to have your messages read by the wrong
people.

The risk with communication is to not have your message read by the right
people.

The risk with communication is for your message not to properly reflect your
true intent.

1. We need to stop obsessing about privacy.

2. We need to fight censorship.

3. We need to improve our semantic model.

~~~
icebraining
These are contradictory statements, because privacy is an essential protection
against censorship. You're never completely free to speak if you can't speak
anonymously, and you can't speak anonymously if you don't have privacy.

As the SCOTUS wrote in _McIntyre v. Ohio Elections Commission_, “Anonymity is
a shield from the tyranny of the majority.”

------
twobyfour
A face to face conversation in the woods, perhaps?

------
vgb2k11
> Assuming that I can exchange keys of some sort (physical, digital) with the
> other contact.

Each contact has an identical table of data (pure-random, 1 terabyte, ASCII
256 or choose your own encoding); this is your "Key of some sort". Messages
sent between contacts are encoded character-by-character as offsets from the
start of the table. No offset can be used more than once. After offset
1099511627776 (for a 1 terabyte file) has been used for encode, a new key
file is generated and exchanged.

Example:

The table contains a terabyte of random data such as "ahx Ui D 7gu3a7NrdMr 9y&S
)iM AAt 8'9s 98m..e kj j uhbd f..."

1,5,6,9,12,15,18,20,23,25,30,33,35,36,39,41 = hi garry it's me

~~~
y7
If you're gonna go through the trouble of exchanging 1TB of one time key, use
a standard one time pad. This method is either insecure (when offsets are not
strictly ascending), or unnecessarily wasteful.
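
The "unnecessarily wasteful" point above, measured in an added example that is not code from any poster: the offset scheme with strictly ascending offsets is run next to a standard XOR one-time pad over the same table, and the pad bytes consumed per plaintext byte are compared. The function names are made up for this example, and the table is a deterministic SHAKE-256 stream used only so the numbers repeat; a real pad must come from a true random source.

```python
import hashlib

def make_table(n: int, seed: bytes = b"constructed-demo-table") -> bytes:
    """Deterministic stand-in for the shared random table (constructed data)."""
    return hashlib.shake_256(seed).digest(n)

def offset_encode(table: bytes, msg: bytes, start: int = 0):
    """Offset scheme, strictly ascending: for each plaintext byte emit the
    next table position holding that byte.
    Returns (offsets, first table position still unused)."""
    offsets, pos = [], start
    for b in msg:
        pos = table.find(bytes([b]), pos)
        if pos < 0:
            raise ValueError("table exhausted")
        offsets.append(pos)
        # Skipped positions are burnt too: each is known NOT to hold this
        # byte, so using one later would reveal that the later plaintext
        # byte differs from this one.
        pos += 1
    return offsets, pos

def offset_decode(table: bytes, offsets) -> bytes:
    return bytes(table[o] for o in offsets)

def otp_encode(table: bytes, msg: bytes, start: int = 0):
    """Standard one-time pad: XOR with the next len(msg) table bytes."""
    if start + len(msg) > len(table):
        raise ValueError("table exhausted")
    ct = bytes(m ^ k for m, k in zip(msg, table[start:start + len(msg)]))
    return ct, start + len(msg)

def otp_decode(table: bytes, ct: bytes, start: int = 0) -> bytes:
    return otp_encode(table, ct, start)[0]  # XOR is its own inverse

def pad_cost(table: bytes, msg: bytes):
    """Pad bytes consumed per plaintext byte: (offset scheme, standard OTP)."""
    _, used_offset = offset_encode(table, msg)
    _, used_otp = otp_encode(table, msg)
    return used_offset / len(msg), used_otp / len(msg)
```

With 256 possible byte values the offset scheme burns about 256 table bytes per plaintext byte on average, against exactly one for the XOR pad.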

~~~
vgb2k11
After searching the definition of one-time-pad, I'm pretty sure post is
redundant and shall be deleted (in T-minus 2 minutes). [edit] No delete
option. Mod please delete.

