Keybase Exploding Messages
source link: https://www.tuicool.com/articles/hit/UnI3M3u
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
NEWS FLASH: Keybase Exploding Messages
June 20, 2018
Hi everyone. Starting today, you can put a short fuse on your Keybase chat messages. This works for 1-on-1 chats and also inside team, group, and community channels.
demonstration from my brother
We recommend your most intimate and most corporate messages get the exploding treatment. Each end of the professionalism spectrum. Don't put that dank meme or Income Statement in Slack, people. Put it in Keybase, so it's encrypted.
And if you'd like it to be temporary , make it explode.
Some details:
They blow up
When the time comes, KA-BOOM
When the countdown hits zero, everyone throws away the plaintext and ciphertext.
Exploding messages have forward secrecy
Forward secrecy means your apps use temporary "ephemeral" keys that are thrown away.
To be clear, all Keybase messages - not just exploding ones - are end-to-end encrypted . No one can read them without compromising one of your devices.
Forward secrecy is something extra. It protects you if someone in the future steals your device's key and also has access to old recorded messages, say by scooping up ciphertexts as a man-in-the-middle.
Forward secrecy works extra well with timed messages because your device destroys both the decryption keys and plaintext.
Splosions from the command line
You can also send exploding messages from your terminal of choice.*
# example: messaging a friend keybase chat send --exploding-lifetime "30s" friend1234 \ "Yo - meet @ 10pm under the powerlines. Bring the stuff" # example: corporate excellence keybase chat send --exploding-lifetime "6h" acmecorp.finance \ "That is NO laughing matter, James."
* assuming sane choices
If you're writing a bot, you can pipe JSON to keybase chat api
. Example:
{ "method":"send", "params":{ "options":{ "channel":{ "name":"vegetarians.bots" }, "exploding_lifetime":"1d", "message":{ "body":"smellbot has detected meat in the office foyer." } } } }
You can get more API examples with keybase chat api --help
.
That's it!
Another step forward for Keybase. Cryptography for everyone.
More stuff soon,
:sparkling_heart: Keybase
FAQ
Are there docs on how this works?
Yes, here are thecrypto docs. And here's the Keybase source code .
My team uses Telegram and I'm scared shitless.
Hugs
Why don't all messages have forward secrecy?
We've blogged about this before . It's not the right answer for a mainstream chat replacement, because it forces dangerous behavior and/or makes you lose all your group's messages when you update devices.
Still, it's up to you! Now you can have all the forward secrecy you want with Keybase.
What about repudiation?
Repudiation is launching in ~3 weeks.
So yes, in chats up to 100 people, messages will be pairwise MAC'ed. Pairwise MAC'ing doesn't scale for mega-large community chats, so those messages are still signed & encrypted in the traditional sense. This seems like the best balance.
Some have argued repudiation is a silly feature. After all, who, in the history of humanity, has ever not gotten in trouble for something that leaked, just because it wasn't cryptographically signed ?
Anyway, this is minimal overhead with some benefit, so we're doing it.
Does the timer begin when the message is sent or received?
Sent.
This seems like the only sensible answer for group chats. And we can't have a different answer for 1-on-1 chats and group chats. That would confuse people. Not the kind of person who reads an FAQ such as yourself, of course.
So our answer is simple: you set a timer and the message is gone after that time.
I have nothing to hide
Because no one is trying to hurt you
Recommend
-
152
🚀 Keybase launches encrypted git Every now and...
-
127
keybase/kbfs: Keybase Filesystem (KBFS) This repository has been archived by the owner. It is now read-only.
-
65
README.md saltpack a modern crypto messaging format https://saltpack.org/
-
29
Or: how to shuffle a deck, surrounded by enemies March 11, 2019 by Chris Coyne
-
31
Getting your service on Keybase a.k.a. Keybase's brand new Proof Integration Guide The most basic idea behind Keybase is that it's a protocol and directory for connecting people's identit...
-
40
April 15, 2019 Today we're announcing that Keybase has a new, open proof protocol, and we've kic...
-
27
I recently relaunched my website with Hugo, Gitlab.com and AWS services. But now, I want encrypted source code all the way from my laptop to deployment. No trust required on Cloud serv...
-
10
:heart: Jan 31, 2020 The Keybase app is getting amazing. It now has everything from an encrypted, free Slack replacement tohonest coin flipping. All while becoming more and more usable . In o...
-
15
title date category tags Using Keybase.io for secure git repos 2020-04-08T16:06 git git keybase secure...
-
14
雷锋网 (公众号:雷锋网) 消息,据外媒报道,近日,Zoom收购了仅有25名员工的网络安全初创公司Keybase,这是该公司自2011年成立9年以来首...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK