![]() Team: The core crypto team has long been a strong internal advocate for opening the source code, and they have finally prevailed ☺. We are confident that the GitHub community will have ideas and constructive suggestions on how we can further evolve our protocol to make it stronger against emerging attacks (and, of course, fix a bug or two) Security: While Wickr is not a new tool for peer-to-peer encrypted ephemeral messaging, this protocol represents a new generation crypto in Wickr products. Transparency: It is important for us to share with Wickr Professional customers how the Wickr crypto is designed in a way that is easy to review Starting with this crypto lib, Wickr is opening its source code to its customers, partners, and the larger community-here is why: Pull requests are always welcome!Īny questions regarding the protocol itself (i.e: crypto design ideas, suggestions, high-level conceptual critique) can be be directed at all other security issues, please contact Wickr’s bug bounty program here. Please keep the issue tracker of this repo limited to code level bugs found in the implementation of the protocol as described in the white paper. We strongly believe in the value of the open source movement and are looking forward to collaborating with the community on this and other future projects, including under the GNU license. This crypto lib is released for public review for educational, academic, and code audit purposes only (*this is not an open source license, more on license here). ![]() A markdown version of the white paper can also be found in the wiki. So, what do you think, which app is better? Are you comfortable with sharing your phone number with Signal? Give us your two cents in the comments below.Wickr-crypto-c is an implementation of the Wickr Secure Messaging Protocol in C, which provides a platform for secure communications across all Wickr products.Ī white paper describing details of the protocol and its security model can be found here. The final choice boils down to you and what you expect from an encrypted messaging app. As mentioned, both apps are super secure and offer plenty of features to protect your communication. It would be unfair to pronounce one or the other app as the overall winner. With Two-Factor Authentication, you could be required to provide additional info and the company would log it. This is something that might change with a future update, though it’s not that simple. But Signal doesn’t provide support for Two-Factor Authentication. If you overlook the fact that you need to provide your phone number, there aren’t any negative sides. In other words, nobody can get your information unless they snatch your phone and somehow manage to log into the app.Īs for the security protocols, Signal uses Perfect Forward Secrecy and proprietary Signal protocol. In addition, they aren’t recoding whom you’ve been chatting with. ![]() That said, the app doesn’t log anything regarding your contacts or groups you’re in. The same goes for the time and date you joined and the date of your last log-in. The thing is, you need to provide a phone number when registering with the service and they keep that phone number on record. But some information is on Signal servers. But don’t get this wrong, Wickr is also good in this respect.Īs for the actual storage protocols, the data lives on your device in an encrypted form. Signal goes the extra mile to secure your data. And similar to Wickr, it’s available on iOS, Android, Linux, and Windows. More importantly, Signal complies with GDPR 100%.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |