The latest version has protocol level updates which makes it incompatible with the previous versions and thus all peers must use the updated version to be able to chat. You wont notice any changes in the user interface (UI) since the changes are only related to the protocol.
The primary aim of this update is to improve the cryptography implementation used in Bit Chat. The newly added code provides strong cryptography with following features:
- The new protocol (v3) implements Perfect Forward Secrecy (PFS) using Elliptic Curve Diffie-Hellman (ECDHE_RSA 256bits) and Diffie Hellman (DHE_RSA 2048bits) for ephemeral key exchange mechanism with RSA for authentication using certificate (Bit Chat profile certificate). Mono framework doesn't implement ECDHE algorithm and hence Linux version of Bit Chat can use only DHE algorithm while Windows version of Bit Chat is able to use both the algorithms. AES 256bits in CBC mode is used to encrypt the data as it was in previous protocol.
- Key re-negotiation feature is added to protocol to negotiate new ephemeral key for data encryption based on time and data transferred. This allows the encrypted data channel to remain always ON while ensuring the protocol security by using different ephemeral keys.
- Authenticated encryption (Encrypt-then-MAC) is implemented using HMAC-SHA256 to check if the encrypted data was authentic (that is, to check if the encrypted data was modified in any manner while in transit).
- In addition to profile certificate based authentication, pre-shared key is used to establish the encrypted channel. The pre-shared key used here is the Group Chat password that was set while creating the chat. So, using a password for your Group Chat will improve the protocol security.
- The security of encrypted profile file (which is stored on your computer and contains your RSA private key for the profile certificate) is also improved by implementing PBKFD2 using HMAC-SHA256 with 200,000 iterations. This implementation will improve security of the file against password cracking or brute force attacks.
The above features updates are in addition to the existing ones listed below:
- Peer-to-peer architecture similar to how Bittorrent works. Infact, Bit Chat uses Bittorrent trackers to find peers in your group chat. So, you connect directly to peers without any server in the middle! Another advantage is that the data is routed through shortest path, that is, if your friend uses Internet from the same service provider as that of you, then the communication is not going to leave the local network of the service provider. And if your friend is on private LAN network, the communication stays in the private network itself, so you don't even need Internet for private LAN chat!
- A complete end-to-end encryption with digital certificate (profile certificate) based authentication combined with peer-to-peer network means nobody can snoop on your messages and you can ensure the identity of your friends.
- Transfer huge files with ease! All peers in the group that participate in file transfer share the bandwidth. It works similar to how files are shared using Bittorrent but, in a close group of users. Also, files transfered are encrypted just like your messages.
The source code is updated on GitHub and you can inspect the TechnitiumLibrary.Security .Cryptography project for verifying the implementation. And as always, send your feedback to support@bitchat.im.
No comments:
Post a Comment