Encryption Details (questions/discussion)

I changed it in order to avoid confusion. Not sure if “Encryption Details discussion” would be a better title.

You can read the source code then you know exactly how it is done:

Yes I meant that.

Conclusion

I get that you’d like more information in the FAQ: You should open an issue on GitHub - deltachat/deltachat-pages: Delta Chat Website listing all the specs/points that you want to have added to the FAQ about the encryption.
That is valuable feedback, but please leave the “I’m entitled to immediate answers” - tone out of your posts. You don’t pay anyone of us for DeltaChat support, do you? Let’s keep this discussion/conversation cool and civil.

1 Like

As conclusion is written I rather dont like to add any more !!

But to my self-defense I have to write some words, but I will hold it short:

First of all:
I never have claimed to be right. I accept free speech and other meanings. I have used or often use the small words “would”, “at least for me”, “in my opinion”, “maybe”, “my point of view”. So everyone is free to share it or not. I stated it as user feedback. I would say this was and is civil.

I never claimed to be entitled for immediate answers or that I am a customer or a sponsor:
Please tell where than I change it if it still possible or change it with the use of admininstrator rights.
To say I have written in all cases “For example (e.g)”. And the examples are used to explain/make the idea/thinking clearer to everyone (hopefully).
Maybe name it showcase or analogy or comparison data.
At least for me examples are useful to get the idea.
Is that not clear: How can I be a customer if its not sold.
Is that not clear: How can you be responsible for something if its free.
That does not mean that you cannot feel responsibility. I do feel it to everyone I suggest this app. E.g. that the password is stored in cleartext and to take care about the install path/location (desktop-version) so no admin can see your password as there is a missing session-login.

Editing posts:
I never changed already posted thoughts.
Yes, I do spelling, quotes, line-breaks and add new thoughts
(if I think it is worth to add or as time passes or have been interrupted but want a quick reply)
But I do this only as long there is no reply.
In my opinion it is more readable to have one post than have “thousand” posts.

And the question I placed to no one specific. If no one knows it than is that so.
(Though asking me if naming the used cipher methods is such a big question)
I clearly stated me as user and non-crypto-expert.
For me this is a real paradoxon to link me to specs and source-code to fnd it out myself.
And as already stated: specs and implementations are two sides of a medal.
I dont want comment: code it yourself

Conclusion: I use all the infos I can get to understand, compare, get a feeling and decide what app I want use. For the bigger player it is easier to find out as there are a lot of technical reviews (from experts to the user). E.g. If I would be alone (God thanks this is not the case) maybe I would take Tutanota as my first choice for privacy/security (but has also flaws, e.g. no chat interface, everyone needs to register, ease-if-use and so on)

To say so far I feel great (even with this topic) with DeltaChat and I dont want forget to say:
Thanks for this app and your great work (this goes also to Autorcrypt).

1 Like

I forgot: I want to say thanks also for the work behind of all the 3rd party open source tools which are used in DC.

PS. on my own behalf:
I have written Telegram or WhatsApp are known to be highly secure apps.
But I should have better written: are said to be highly secure.
I will not take the burden to make such a judgement. I am not an expert.
And it was only taken as reference to explain my point of view,
as there a lot of other pure messengers around,
which for sure, all in all, includes also: DeltaChat

-----------------------------------------------------------------------------------------------------------------------------------------

The answer to this is, at least for me, clearly:
Threema Messenger [Readable and understandable. See Link on Top, Tab Security and Crypthographic Whitepaper.]
OR
Wire (Personal) Messenger, as its also multi-platform like DC
OR

Maybe you add you into this list.
OR
in this list DeltChat is already included:
https://media.kuketz.de/blog/messenger-matrix/messenger-matrix-en.html
Maybe you add a link to this site on your website.

[
E.g Crpythographic Whitepaper
you see: key lengths, random numbers, padding message, db encryption]

One point I want take out as it was the starting point of this discussion:

Padding
In order to thwart attempts to guess the content of short messages by looking at the amount of data,

]

But I know email-infrastructure is different to a specific messaging infrastructure, and it is nearly impossible to do the same or difficult to compare.

Feeling responsible regarding security for myself but especially to users I suggested your app. Therefore I have this list I would like to see in a so called “security” update (hopefully):.

1. at least an encrypted email account password it not whole db (especially on desktop version)
2. default connection method set to “SSL/TLS” instead of “Automatic”
3. missing connection option Authentication method “Encrypted password” (see maybe thunderbird connect options for other methods)
4. choosable install path (desktop version)
5. give password stars shown a fix length regardless of the real length of password
6. profile name “My name” with hint text: “(if set this is transferred in the headers too)”
7. an “Emtpy”-button to empty DeltaChat folder on the server manually (without any logic,
only and only for an existing DeltaChat folder, if it does not exists nothing happens)
8. padding (short) messages with random data
9. Make veryfied contact more visible (see that post)

This is to protect me and maybe others to occassionally or accidentally leak secret informations.

This single post need no answers. Each point which is erased or not implemented would make me feel a bit lesser comfortable regarding security (of the otherwise great app).
But sure anyone can continue with adding points to the list or other questions/discussion regarding encryption/security/privacy.

  1. at least an encrypted email account password it not whole db (especially on desktop version)

Isn’t disk encryption sufficient for most use cases? There are plans to implement secure backup transfer, but it will likely be implemented using transport security first.

  1. default connection method set to “SSL/TLS” instead of “Automatic”

Automatic means automatic choose between standard STARTTLS mechanism and non-standard SSL/TLS. Both are equally secure. Delta Chat never resorts to Plain automatically. Setting default to SSL/TLS will only result in Delta Chat failing to autoconfigure servers which only offer STARTTLS.

  1. missing connection option Authentication method “Encrypted password” (see maybe thunderbird connect options for other methods)

“Encrypted password” can mean different things, but usually it refers to legacy methods such as CRAM-MD5 developed before use of TLS became widespread, which require server to store plaintext password. Sending plaintext password over TLS is more secure than these schemes as in this case the server can store only the hashed password and your password cannot be extracted directly from the server database. This is why developers don’t have motivation to implement these mechanisms: Support for SASL authentication with encrypted password · Issue #38 · async-email/async-imap · GitHub
See authentication - Security of email (SMTP/POP) passwords - Information Security Stack Exchange for more.

  1. choosable install path (desktop version)

For Windows there is an experimental portable version on https://get.delta.chat/

  1. an “Emtpy”-button to empty DeltaChat folder on the server manually (without any logic,
    only and only for an existing DeltaChat folder, if it does not exists nothing happens)

There is an option for automatic deletion of messages on the server, you can set it to “at once”. It only deletes messages known to the Delta Chat instance, though.

  1. padding (short) messages with random data

Encryption of the same plaintext twice already results in different ciphertexts, because OpenPGP generates a new symmetric AES key each time, which is in turn encrypted with public keys of recipients. The message itself is then encrypted with AES key, which is unique for each sent message.

2 Likes

And the main reason is: I feel responsible when suggesting this app to even more non-technical users.
Also on the main website is written “Its like WhatsApp or Telegram”. This could give the expectation to somer users it is automatically secure as these apps more or less claim for itself or at least are well-known (true or false) as one of the most secure messaging apps.
They could think: “Nothing to care about”. But its not.
I cannot say: “Look a safe app!”. Its not, if you dont take care. I also dont want say: “DIY”.
This is also true for point 9: “Make veryfied contact more visible”.

Conclusion (at least for me):
I dont drop any of these points.

When STARTTLS option is selected, Delta Chat connects over plain connection and issues STARTTLS command. If the mail server does not switch to TLS after that, the connection is aborted. There is no fallback to the plaintext, you have to select Plain option explicitly for that.

Relevant source code in the core if you want to double-check:

There is no way plain text connection is used if the option is STARTTLS.

Here you can check the list of combinations tried when Automatic is selected, it’s either TLS or STARTTLS, never plain:

I have checked Threema whitepaper and my guess is that they add padding because they use stream cipher (XSalsa20), which preserves the size of the message. Delta Chat uses block cipher AES for symmetric encryption, so short messages are padded to the block size of 16 bytes. Threema specifically talk about the amount of data:

In order to thwart attempts to guess the content of short messages by looking at the amount of data, Threema adds a random amount of PKCS#7 padding to each message before end-to-end encryption.

I trust. you. Even better if this is the case.

I have searched in DDG “starttls vs ssl/tls”.
e.g. first hit: STARTTLS vs SSL vs TLS Explained in 5 Minutes | Mailtrap Blog

with Opportunistic SSL/TLS (aka Explicit SSL/TLS), a client will run a STARTTLS command to upgrade a connection to an encrypted one. If a server is compatible and no errors occur, the secured TLS or SSL connection will be established. If anything fails in the process, a plain-text transmission will be established.

So you say DC does it not that way?
But why STARTTLS at all then?
What is the sense then of providing STARTTLS / AUTOMATIC ?

I read it that way:
First “to thwart attempts…by looking at amount of data”
(for me: by checking outgoing message size)
And they write also “…padding to each message…”
(for me therefore: give the content extra chars so the output message has different size)

Yet I could agree, as I have verified two messages with same content and the output is different.

But I still would padding extra chars, cause for that reason:
Screen reader, Keyboard Reader.
Even with that a hacker could not get the full content cause of the hidden added extra chars
for each message. So a hacker is still in the same trouble as before. He cannot guess the real content.

We support STARTTLS and try both STARTTLS and TLS in default automatic there for better compatibility: there are servers which only support STARTTLS, there are servers that only support TLS, and there are firewalls/blocks which sometimes block one but not the other.

Ok. Than I would at least make a comment for ths options in the connection dialog,
so its clear for everyone that in all cases TLS is used or the connection is aborted except if one chooses “Off” intentional.
I will update the list and put this instead.
Thx.

A wish list for a so called “security” update (hopefully):.

1. at least an encrypted email account password, rather whole db (especially on desktop version)
2. a note in the connection dialog about the connection methods (see post directly above)
3. missing connection option authentication method “Encrypted password”
(see maybe thunderbird connect options for other methods)
4. choosable install path (desktop version)
5. give password stars shown a fix length regardless of the real length of password
6. profile name “My name” with hint text: “(if set this is transferred in the headers too)”
7. an “Emtpy”-button to empty DeltaChat folder on the server manually (without any logic,
only and only for an existing DeltaChat folder, if it does not exists nothing happens)
8. padding each message content with hidden random data
9. make-veryfied-contact-more-visible

Feel free adding points to the list or with other questions/discussion regarding encryption/security/privacy.

I disagree, don’t like any padding making message bigger in vain as already told it doesn’t matter with algorithms used by delta, and I think you can block screen reading with the option to block screen shots on android? and I am not sure how adding extra padding would prevent hackers from taking the message that you first typed but sure, we could also add some random letters while you type to protect the input area… :roll_eyes:

it would be needed to warn people if they are unsafe with this option, but if they are safe no need to bother people that don’t know what TLS is with: WARNING!!! you will be safe! plain text is not tried by default

1 Like

I would also like this, it is so hidden it is not really useful, I think there will be some work in “protected chats” soon :tm: and I hope :pray: this gets some love.

there was an option to manually trigger “delete ALL emails in a folder”, but some people complained that this option is too dangerous, and people could lost important emails, so it was removed, it can be useful in some cases, but in general with the new auto-delete options in my case I have not missed it.

if your are looking for a super secure app your friends probably don’t need/will-use I can recommend Briar, it feels super secure, you have to manually type a password to open it, can’t take screenshot(not even configurable), it connects over Tor, p2p, no email or phone number associated to you, can configure a “panic button”, can be used offline if you think Tor is also insecure :slight_smile:, but for friends from WhatsApp/Telegram anything not using a phone number will be better…

just my opinion and trying to joke a bit :smiley:

2 Likes

We can restore it for DeltaChat if it’s really needed.

Any protection which is possible is better than having it not is my opinion.
Adding some chars (wouldnt make a message that much bigger) was a thinking about and more or less committed by the Threema Whitepaper. The full content is protected in all cases. And there are more platforms than Android, not to say: Desktop

I have not thought about where to place a comment like this or if other words would fit better.
The idea behind is: (to) make it clear.
I am sure this would help to understand how it is done and what to choose.
[Not to forget: STARTTLS behave not as I have assumed or maybe one suppose]
But yes, it must be something so unexperienced users can work with such an info like this too.
So I probably would write it that way:

You have 4 options. You are safe with all three options except OFF. That means
on any connections problems try out first these three options as these options
guarentee an encrypted connection (in all three cases TLS only) to your server.
Usually automatic works fine. If it still fails try OFF.
But be warned: password is send unencrypted (cleartext) over the net.
Most provider allow encryption. Ask maybe for help before trying OFF.

Clear, I would agree. And note: I have suggested only and only the default
“DeltaChat” folder
. If this folder does not exist - nothing happens.
Not changeable/configurable. Nothing else, otherwise it would be counterproductive
[you mentioned already complainments].

Guess what. I already had\have it installed.
And its brilliant for its purpose. Its all set. Thats what I want to say. Make the app in that way. Less options yet safe. You have todo nothing. No wrongdoing possible. Even an unexperienced user can do not wrong. I can really recommend it for its ease-of-use and security.
But as said DeltaChat has its own purpose (and character). So lets move on with DeltaChat.

[ Initial List ]
An updated wish list for a so called “security” update (hopefully):.

1. at least an encrypted email account password, rather whole db (especially on desktop version)
2. a note in the connection dialog about the connection methods (see post above)
3. missing connection option authentication method “Encrypted password”
(see maybe thunderbird connect options for other methods)
4. choosable install path (desktop version)
5. give password stars shown a fix length regardless of the real length of password
6. profile name “My name” with hint text: “(if set this is transferred in the headers too)”
7. an “Emtpy”-button to empty DeltaChat folder on the server manually (without any logic,
only and only for an existing DeltaChat folder, if it does not exists nothing happens)
8. padding each message content with hidden random data (posts start with)
9. make-veryfied-contact-more-visible
10. Backup Verification Test Tool (check that an export does not fail on import)
11. durable warning signs on changes (possible MITM) until new verification/approval

Feel free adding points to the list or with other questions/discussion regarding encryption/security/privacy.

to be honest, i find these repetitive lists quite useless and annoying, they kind of stop and reset discussion flow.

but if others find them useful as well, i would be fine with that.

2 Likes