Here’s what’s been taking me away for NETMF; an extremely secure messaging app. Share messaging and photos with AES256 encryption, push notifications and a bunch of rule options available. Screenshots are disabled too so no one can ever forward those pix
Releases next week for iOS, Android and and more to follow. We’re already working to add even more features like secure files with even more rule options and beefier encryption (AES256 + rules and obfuscation).
When you are ready to release it, I’d suggest sites like “WMPower User” and “WIndows Phone Central”. They are listing new and updated apps daily on their RSS feed.
We’re probably about 2 months away from releasing the Win8 version. In addition to everything the WP8/iOS app does we’re adding the new file sharing/tracking and I’m rewriting the entire backend.
The new backend (which will then be incorporated into the mobile versions as well) adds long timeout requests to other areas of the app. For instance instead of sending & receiving messages like texts you can see realtime who is typing a message, etc.
The keys are not stored locally. Let me try to walk you through this.
The file itself is encoded using AES256bit encryption. It generates a key based of a password you provide. The password is required to recreate the key.
The rules are also encrypted using your password and additional data.
The encrypted file and encrypted rules are joined into a single packet which also contains the salts and IV (which are also encrypted).
The packet is then written to a file (local or web based on the rules you selected)
In order to open this file, no matter where it is, you will need the password. Just like any other encrypted file. The difference between this and any other standard AES256 file encryption is the addition of rules (which are validated by the app) and the additional obfuscation built in.
The obfuscation means that even if you new the packet format and the password a normal AES256 decryption routine would fail unless you also knew the obfuscation technique, such as variable iterations, etc.
On WP8 it’ll have to either go through our server or SkyDrive since WP8 apps can’t really share outside of themselves too well. It does have a file association though so encrypted files are easily directed to the app for unlocking.
If you can crack it within 1 month there is a monetary reward (which is detailed in the text of the encrypted file).
It should be nice an easy to work with being less than 2K in size and having plain text as the decoded output. It’s encrypted using AES256 with the following password: Th1s1sth3p@ ss//0rd!
I’m not sure how you can confidently say that unless you’re an educated, experienced cryptographer. Maybe you are. I don’t know. If you’re not, I wouldn’t trust your word on it. What I do know is that educated, experienced, trusted cryptographers say that AES256 is already overkill (but Bruce says don’t switch off it if you’re already using it).
Anyone with the password can bypass the rules. That’s something that potential customers should know upfront. You don’t want to be the guy whose name and picture is plastered all over the news when the internet finds out that your app doesn’t really protect people’s information.
The reward in the encrypted file is a decent size (especially considering its my own money). Let me know if you need anything like the packet format. I’m willing to give you every chance to prove me wrong.
[quote=“godefroi”]
I’m not sure how you can confidently say that unless you’re an educated, experienced cryptographer. Maybe you are. I don’t know. If you’re not, I wouldn’t trust your word on it. [/quote]
Schneier’s Law: https://www.schneier.com/blog/archives/2011/04/schneiers_law.html
“Anyone can invent a security system that he himself cannot break. I’ve said this so often that Cory Doctorow has named it “Schneier’s Law”: When someone hands you a security system and says, “I believe this is secure,” the first thing you have to ask is, “Who the hell are you?” Show me what you’ve broken to demonstrate that your assertion of the system’s security means something.”