Have you read this blog post? https://whispersystems.org/blog/private-groups/
It has some good discussion of this topic. On Nov 27, 2014 7:41 PM, <[email protected]> wrote: > But if someone perform mitm with axolotl schema than any new message will > be captured too. I can't spot any difference in this place. > > 28.11.2014, 05:37, "Stephen" <[email protected]>: > > This is a weak symmetric schema because it only requires 1 mitm per group. > Trapdoor asymmetric at least relies on endpoint security per participant. > In any event, more interlocutors relates to more insecurity. Is there a > viable alternative? > On Nov 27, 2014 6:28 PM, <[email protected]> wrote: > > Hi again! > > Private conversation seems to be solved in TextSecure. May be in future we > will need to change basic algorithms and replace Axolotl Ratchet, but idea > seems to be good for long term usage. But, it does'nt really useful for > group conversations. We (in actor.im) are trying to find best way to do > encrypted group communications. > > We know two different ways of encrypted group messaging: > 1) Sharing one key sequence > 2) Sending messages like the private one - one message for each recipient > > At the beginning we implemented the first type of group messaging based on > rules: > 1) First of all creator of group conversation generate some secret key, > say, simple AES key and send to every participant of group like it do with > private messages. > 2) When someone invite participant to group it do the same: generates new > AES key and send it to everyone in group plus new user. > 3) When someone kick user it also change the group AES key and send it to > everyone. > 4) When someone leave group than someone from group must update group AES > key before sending new message. > 5) All messages are encrypted with current group AES key. > > This is not perfect and implemented just for testing our ideas. We can > implement some kind of ratcheting like in Axolotl Ratchet for better future > secrecy. We can add some better and more secure rules for group > conversations, but in still looks bad. It doesn't feel to be secure to > share one common key across all members of group. One of main plus of group > is that we can easily check encryption key for group. > > In TextSecure for groups is used same technique as used for private > messages. Any message is encrypted for every member in group and send like > private message and marked as message as part of group. It looks better for > security reasons because there are no single failure point as was with > shared key. It is simple to implement if you already have encrypted private > messages. But it is really hard to check keys - we need to check keys for > everyone from group by every member of group. Also it is much much more > traffic for this type of group encryption. > > In the end, it is much harder to detect that someone from group got > totally compromised. If someone from group will be compromised than > everyone will be compromised. > > Compromising one of user by adding maculous key to user's account (we > support multiple device for one account) may be solved by manual > verification by each group member on new key adding. For private > conversations we use simple notification message about adding new device. > > After all it seems that there are no good solution for group messaging. > > Any ideas? > -- > Steve K, > CEO Actor.im > _______________________________________________ > Messaging mailing list > [email protected] > https://moderncrypto.org/mailman/listinfo/messaging > > > > -- > Steve K, > CEO Actor.im > > > _______________________________________________ > Messaging mailing list > [email protected] > https://moderncrypto.org/mailman/listinfo/messaging > >
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
