Wickr Releases Crypto Protocol on GitHub

Secure messaging service Wickr is opening its cadre cryptographic protocol to review past making the code available on GitHub. The move is a get-go for the company, which until now had kept its efforts proprietary.

"It is now fourth dimension to begin opening the source code so our customers and partners tin can easily review the crypto codebase and validate the promises we brand to Wickr'south users," Wickr CEO Joel Wallenstrom said in a press release. "We hope this first release will inspire constructive critical feedback, further advancement of Wickr'southward security, and adoption of secure communications tools."

Anyone interested in perusing the code can view it on GitHub or on Wickr'southward website.

The code being released today powers Wickr Professional person, the visitor'due south production targeted at enterprise customers. The protocol is called Wickr-Crypto-C, and is an upgrade designed to better meet the needs of enterprise customers, especially with issues of scalability.

"The upgrade significantly improves the efficiency in key management for large group conversations in secure rooms," reads the Wickr press release. "A notably lighter, entirely client-based protocol, wickr-crypto-c enables scalable, strong perfect forward secrecy and ephemeral collaboration."

The new protocol is 50 percent lighter than the one used in the current consumer product and will perform better in low-bandwidth environments, Wallenstrom told PCMag.

While this is the first time Wickr has released its lawmaking, the company notes that information technology was ever carefully picked over for potential security flaws. "No Wickr product goes to marketplace without extensive scrutiny past our Advisors and best in the industry third-party security teams."

How Open Source Is It?

The lawmaking does not, however, represent the underlying technology powering Wickr's consumer product Wickr Messenger. That'southward unfortunate for everyday users looking for the assurances open code provides. Yet, Wallenstrom confirmed to PCMag that it'due south the company'south eventual goal to merge the products and then that consumer and enterprise users do good.

"The commitment is to accept them on the same protocol," said Wallenstrom.

The release of the code also does not hateful that Wickr is giving its approval for others to use the company'due south code on their own. "It's not yet forked for public use," Wallenstrom told PCMag. "These are difficult procedure and so right now we're in there for public review."

That'due south not to say Wickr won't somewhen allow others to use the code on their own. "Hopefully people volition learn from it and we can larn from people. And hopefully it can be used by others, eventually downward the line," Wallenstrom said. "My history is from the security research community, so I but have a predisposition to participate and collaborate."

Code and Capabilities

When Wickr first emerged as a mobile, it touted its security pedigree. The service was set upwardly in a zero-cognition system, where the company retained equally fiddling data as possible about its users. It could non be compelled to hand over information, not even with a court order, merely because it has no information to give. Early, the company besides assorted itself with Snapchat, which at the time was under fire for failing to delete posts from users. Wickr, meanwhile, used a organisation that let users decide when messages expired and then actually followed through with deletion.

Wickr also fabricated a betoken of using perfect forrard secrecy. This means that even if an assailant managed to discern the key used to encrypt a message and read its contents, that fundamental couldn't be used to decrypt any other message.

Notably, Wickr engages all of its security features by default. Platforms like Google Allo and Facebook Messenger utilise the Signal protocol to secure messages, but only those sent when in a special secret-messaging mode. For its role, Signal has its ain messaging app, which, like Wickr, is a PCMag Editors' Pick winner for secure messaging services.

The Telegram messaging service also employs advanced security features in a secret messaging mode, and also has kept its lawmaking to itself, opening itself to criticism on both counts past security professionals. WhatsApp uses the Bespeak protocol, too, but encrypts every bulletin.

One of the criticisms levied against Wickr was that it remained closed to inspection. Signal, on the other hand, has been open source since its inception. While Wallenstrom says that Wickr listened to those critics, he stood by the company's piece of work. "People accept done wonderful things and been airtight-source," he told PCMag. "I don't think this is a binary blackness-and-white affair."

The company argues that these features are more vital than ever. "In light of recent political and security events that have dramatically changed the course of governments and businesses, we need a seismic shift in the security culture to empower companies and organizations to utilize the right tools for the right conversations," reads the Wickr press release. "It is no longer responsible to store everything at all times and expect sensitive information to remain secure."

In addition to the company'southward technical pedigree, Wickr notably refused direct force per unit area from the FBI to place a back door in its software.

Source: https://sea.pcmag.com/security/14041/wickr-releases-crypto-protocol-on-github

Posted by: webbtrus1947.blogspot.com

Share this post