WhisperSystems: A Suite Of Apps For Mobile Security

by Grey One •

WhisperSystems is a useful suite of apps for mobile security.

Informal notes from the developers:

There is no server-side component to TextSecure, since it’s currently just using SMS/MMS as a transport, so it uses “whitespace tagging.” Unencrypted messages that you send have a distinctive whitespace pattern appended to them, which TextSecure looks for. The disadvantage is that you generally always send one unencrypted message to a contact before upgrading to a secure session, but otherwise it works pretty well.

RedPhone has a server-side component which periodically pushes out a bloom filter of registered numbers to registered clients. Outgoing calls are then intercepted by RedPhone, checked locally against the bloom filter, and given the opportunity to upgrade if possible. That way the check happens locally and you don’t leak your normal call history to the RedPhone switch.

We’re currently adding a server-side component to TextSecure in order to support the TextSecure for iOS client that’s in development. We’re on track to do the same bloom filter pattern there.

See also their blog.

Leave a Reply

Your email address will not be published.