I really love Signal, but it is lacking a good Public Key Infrastructure. I hope this is something that the WhisperSystems people are going to be working on in the future, because all the potential is there: The authentication method of scanning QR codes is brilliant, because it is so usable. For now, I have my fingerprint up on my homepage so people can verify it (as long as they believe that I have full control over my homepage).

If you want to get your fingerprint as a QR code image file, this is what you do: Get the qrencode command line tool either through your Linux package manager or through cygwin on Windows. In Signal, choose My identity key from the main menu and type those digits into a file, say textsecure-fingerprint.txt. Then, use this little Python script to generate the QR code:
from base64 import b64encode
from subprocess import run
# Read the hex digits typed from "My identity key"; whitespace and line breaks are dropped
d = open("textsecure-fingerprint.txt", "r").read().strip().split()
# base64-encode the raw key bytes; b64encode (unlike encodebytes) adds no line breaks
k = b64encode(bytes.fromhex("".join(d))).decode("ascii")
# Hand qrencode an argument list so no shell ever parses the encoded key
run(["qrencode", "-o", "textsecure-fingerprint.png", "-l", "L", "-t", "PNG", k], check=True)
And there you go. If someone knows how to get the fingerprint directly from the device, I'd be happy to know that.
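The script above covers your side of the exchange; the other side is the person who scans the code and has to decide whether what they got matches the fingerprint they expected. This added example (my code, not from the original post and not from Signal or WhisperSystems) parses the typed fingerprint file, produces the same single-line base64 payload the script hands to qrencode, and compares a scanned payload against the expected fingerprint in constant time, returning False instead of crashing on malformed input. The sample fingerprint text is constructed for the example and is not a real key.

```python
import hmac
from base64 import b64decode, b64encode

# Constructed sample of what "My identity key" looks like once typed into the
# text file: hex digits in groups, whitespace and line breaks allowed. Not a real key.
SAMPLE_FINGERPRINT_TEXT = """
05 3a 7f 1c 9e 42 b8 d0 6a 11 f3 27 c9 8b 5d 04
e6 71 2f aa 90 3c 58 bd 17 64 0e c2 f8 39 a5 6b
"""


def parse_fingerprint(text: str) -> bytes:
    """Turn the typed hex digits into raw key bytes; rejects anything that is not hex."""
    digits = "".join(text.split())  # drop all whitespace, including line breaks
    if len(digits) == 0 or len(digits) % 2:
        raise ValueError("fingerprint must be a non-empty, even number of hex digits")
    return bytes.fromhex(digits)  # raises ValueError on non-hex characters


def qr_payload(fingerprint: bytes) -> str:
    """The string that goes into the QR image: single-line base64, no trailing newline."""
    return b64encode(fingerprint).decode("ascii")


def verify_scanned_payload(payload: str, expected_text: str) -> bool:
    """Compare a payload read back from someone's QR code with the fingerprint you expect.

    Returns False (never raises) on malformed input, and uses a constant-time
    comparison so the check itself reveals nothing about where a mismatch is.
    """
    try:
        scanned = b64decode(payload, validate=True)  # strict: rejects non-base64 characters
        expected = parse_fingerprint(expected_text)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False
    return hmac.compare_digest(scanned, expected)


if __name__ == "__main__":
    payload = qr_payload(parse_fingerprint(SAMPLE_FINGERPRINT_TEXT))
    print("payload for qrencode:", payload)
    print("verifies:", verify_scanned_payload(payload, SAMPLE_FINGERPRINT_TEXT))
```

The strict decode matters: with `validate=True`, base64 rejects stray characters instead of silently skipping them, so a damaged or tampered scan fails the check rather than decoding to something that happens to be compared.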


TrueCrypt is pretty dead. We need some options here, and as far as I can see, there are only ~~two~~ three:

  • CipherShed. Currently a vanilla fork of TrueCrypt.
  • VeraCrypt. A fork of TrueCrypt with some fixes and improvements.
  • Keep using TrueCrypt.

Neither of the two alternatives has had an official source code audit or anything. They are both open source. I will give a quick summary of the facts on both forks, concluding that I have no clue and will probably ~~flip a coin~~ roll a D3. Whether these facts are pro or con is up to your discretion.

CipherShed Facts

  • They are on github.
  • They seem dedicated. Meaning, the information on their homepage sounds like they thought this through.
  • Not much has happened yet, they only forked TrueCrypt.
  • There is only a pre-alpha version available, which I won't touch.
  • They do not have any licensing information at all.
  • Long-term plans are a bit fuzzy; according to their wiki they want to
    • Secure the code through audits, simplification, and a secure architecture.
    • Migrate towards an OSI-approved licensed codebase
    • Work closely with existing efforts such as OpenCryptoAuditProject, LUKS, GELI, and tc-play.

VeraCrypt Facts

  • According to the author in this thread, VeraCrypt was first published on June 22nd 2013, so it has already aged a bit.
  • In fixing some of the security flaws in TC, they break backwards-compatibility. There is a conversion tool available.
  • They are on CodePlex and the software is under Microsoft Public License.
  • Binaries are available for download, cross-platform.
  • Most relevant long-term plan is the ability to encrypt Windows system partitions/drives on UEFI-based computers (GPT).

So. If you have additional information, let me know in comments or by e-mail. I am rattled beyond my usual level of confusion as to what I should do. Currently, I will probably give the VeraCrypt binaries a test ride on some machine.



On the second day of 29c3, we talked about the group law on an elliptic curve based on our old script (in German) called "Das Gruppengesetz auf Elliptischen Kurven". Today, we explained to some people how elliptic curves can be used to factorize the product of two primes, i.e. attack weak RSA keys. When we were done, we left the flipchart paper taped to the wall and sat down. A few minutes passed before two people in passing showed an unusual interest in our notes. A few words into the conversation, I bluntly asked them about their mathematical background, which was met with an amused

> I'm a math professor, does that suffice?

These people turned out to be Tanja Lange and Daniel Bernstein, two scientists who are rather big shots in mathematical cryptography. I am ashamed to say that I did not even know that, but I certainly understood that they knew a lot more about elliptic curves than me and they were willing to share. To be precise, they were really friendly, and good at explaining it. That's rare. Of course, I eagerly listened as they began elaborating on the advantages of Edwards coordinates on elliptic curves. The two of them had attended the talk by Edwards introducing the concept in 2007 and observed the cryptographic potential: Basically (and leaving out some details), it's all about the fact that \[ x^2+y^2 = 1+dx^2y^2 \] defines an elliptic curve, with all relevant points visible in the affine plane; check out the picture. Choosing $(0,1)$ as your neutral element, a group law on this curve is given by \[ (x_1,y_1) \oplus (x_2,y_2) := \left( \frac{x_1y_2+x_2y_1}{1+dx_1x_2y_1y_2}, \frac{y_1y_2-x_1x_2}{1-dx_1x_2y_1y_2}\right). \] (Note the minus signs in the second coordinate: they are what make $(-x,y)$ the inverse of $(x,y)$, since then $(x,y)\oplus(-x,y) = (0, \frac{x^2+y^2}{1+dx^2y^2}) = (0,1)$ on the curve.) With this shape, you never have to mention projective coordinates, the group law can be explained in a very elementary kind of way — and then it turns out that this shape also yields faster algorithms for point multiplication.
In short: If you're into curves, cryptography or both, I thoroughly encourage you to check out their summary page about Edwards coordinates.
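Checking that the formula above really is a group law is tedious on a flipchart but trivial for a machine. The following is an added example (my code, not from the original post and not from Bernstein and Lange's page) that implements the Edwards addition law over a small prime field with constructed toy parameters p = 13 and d = 2 (2 is a non-square mod 13, so the law is complete: no denominator ever vanishes), finds every affine point by brute force, and exhaustively verifies neutral element, inverses, commutativity, associativity and closure. It also includes the double-and-add scalar multiplication that the faster point-multiplication algorithms refine, and a small order computation.

```python
# Toy Edwards curve x^2 + y^2 = 1 + d*x^2*y^2 over GF(p).
# Constructed parameters for illustration only: p = 13, d = 2. Since 2 is a
# non-square mod 13, the addition law is complete (no denominator is ever 0).
P = 13
D = 2
NEUTRAL = (0, 1)


def on_curve(pt):
    """Closure check: does the point satisfy the curve equation mod P?"""
    x, y = pt
    return (x * x + y * y - 1 - D * x * x * y * y) % P == 0


def add(p1, p2):
    """The Edwards addition law with neutral element (0, 1)."""
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + x2 * y1) * pow((1 + t) % P, -1, P) % P
    y3 = (y1 * y2 - x1 * x2) * pow((1 - t) % P, -1, P) % P
    return (x3, y3)


def neg(pt):
    """Inverse: negate x, keep y (so the neutral element is its own inverse)."""
    return ((-pt[0]) % P, pt[1])


def scalar_mult(k, pt):
    """Double-and-add; the structure every ECDH/ECDSA implementation builds on."""
    result = NEUTRAL
    acc = pt
    while k > 0:
        if k & 1:
            result = add(result, acc)
        acc = add(acc, acc)
        k >>= 1
    return result


def curve_points():
    """All affine points, found by brute force (fine for P = 13)."""
    return [(x, y) for x in range(P) for y in range(P) if on_curve((x, y))]


def check_group_axioms():
    """Exhaustively verify the group axioms on the toy curve; True if all hold."""
    pts = curve_points()
    for a in pts:
        if add(a, NEUTRAL) != a or add(a, neg(a)) != NEUTRAL:
            return False
        for b in pts:
            if add(a, b) != add(b, a) or not on_curve(add(a, b)):
                return False
            for c in pts:
                if add(add(a, b), c) != add(a, add(b, c)):
                    return False
    return True


def point_order(pt):
    """Smallest k >= 1 with k*pt equal to the neutral element."""
    k, acc = 1, pt
    while acc != NEUTRAL:
        acc = add(acc, pt)
        k += 1
    return k


if __name__ == "__main__":
    print("points on curve:", curve_points())
    print("group axioms hold:", check_group_axioms())
    print("order of (4, 4):", point_order((4, 4)))
```

With these parameters the curve has exactly eight points, (±1,0), (0,±1) and (±4,±4), and (4,4) generates all of them; replacing the subtraction in the second coordinate with addition makes `check_group_axioms()` fail on the inverse test, which is a quick way to see why the signs matter.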