RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

Off-the-Record (OTR) Messaging [$1,000] #36

Closed wanderer closed 2 years ago

wanderer commented 9 years ago

There is a $1,000 open bounty on this issue. Add to the bounty at Bountysource.

Againstreality commented 8 years ago

Is the mobile implementation on the way?

marceloschmidt commented 8 years ago

Christian, what are your mobile specs? Have you tested it? It works for a few modern browsers.

On Tue, Mar 15, 2016, 18:07, Christian Schuster <notifications@github.com> wrote:

> Is the mobile implementation on the way?


Marcelo Schmidt

Againstreality commented 8 years ago

It's about the apps for Android and iOS. I personally use an iPhone 5s with iOS 9.2.1.

marceloschmidt commented 8 years ago

It should be working with latest androids and with ios 9.2.1. Have you tested it?

Againstreality commented 8 years ago

Yes, I have tested it. And the option is not there. Maybe it was forgotten in the Cordova code?

marceloschmidt commented 8 years ago

@Againstreality can you please open an issue, then? Please state your server version, mobile version, and screenshots of your problem. Thanks.

engelgabriel commented 8 years ago

Hi @jespow have you been following the development of this feature? Do you have any comments on the current implementation?

pkaluzacog commented 8 years ago

Since the advantages of the Axolotl ratchet in a more-than-desktop-chat world have been mentioned already, count me among the supporters. At the same time I'd like to give a shout out to the OMEMO ratchet and protocol, which brings even more security and user convenience.

ccoenen commented 8 years ago

I also believe OMEMO would be the standard to back instead of (or perhaps on top of) OTR. There's implementations in

probably a good starting point even though some of it is Java.

(edit) I found the XEP: https://conversations.im/xeps/multi-end.html

electropolis commented 8 years ago

Did something change here? I see that in Rocket.Chat the OTR function gives me a timeout, and it's not even a good option for securing messages during a conversation, as I read in all the comments here. I see you are working on an alternative solution. Is there any progress?

thche commented 7 years ago

push

C3realGuy commented 7 years ago

OMEMO encryption would be awesome.

ghost commented 7 years ago

Right now riot.im/app is working with Double Ratchet Algorithm (encryption works with multiple participants, and with offline messages) https://github.com/matrix-org/olm https://github.com/vector-im/riot-web/search?utf8=%E2%9C%93&q=olm&type=Code

I'm not a good developer, but it seems that in terms of backend it's easy. But in frontend we will require:

graingert commented 7 years ago

Mention notifications can be done by sending a DM with special markup to the mentioned users

graingert commented 7 years ago

E.g. the client that sends the mentioned tagged message in a group uses the DM channels to push notifications

dmkjr commented 7 years ago

Any update on this? I'm just getting a "timeout" error when attempting to use it.

ShalokShalom commented 7 years ago

Seems like we can build up on this? https://github.com/RocketChat/Rocket.Chat/blob/master/packages/rocketchat-otr/client/rocketchat.otr.room.js

0xdevalias commented 7 years ago

FWIW, I would love to see the olm double ratchet that matrix is using (based off the one signal uses from memory) implemented

ccoenen commented 7 years ago

@mitar is the paper you mentioned available somewhere? You mentioned it being in review a year ago - and it sounds very interesting!

Also: Thanks for your very detailed descriptions.

mitar commented 7 years ago

Sadly, not. We had issues finding research novelty in that work. It was mostly engineering work, which is not what academic papers should be about, it seems. :-(

tompinzler commented 6 years ago

+1 for Olm Double Ratchet. It's certainly challenging to implement but would imho provide the most features (one-on-one and group conversations, partial forward secrecy etc.) and best user experience.

napalm23zero commented 6 years ago

Any news? Anything? Anyone? I can see OTR option on my self-hosted Rocket.Chat, but not working.

geekgonecrazy commented 6 years ago

Make sure you are using https

geekgonecrazy commented 6 years ago

Our implementation of e2e encryption has a PR open: #10094

Would be great to get some feedback on that PR.

PanderMusubi commented 6 years ago

You can add this line at the top of the issue description, it will update itself

![badge](https://api.bountysource.com/badge/issue?issue_id=18684038)

and look like

badge

ghost commented 6 years ago

Bounty still open?

sscotth commented 6 years ago

It is still listed on BountySource, but #10094 was released with v0.70.0. So I assume it has not been claimed yet. Either way this issue should be closed.

@mrinaldhar @geekgonecrazy @wanderer @jespow

ccoenen commented 6 years ago

Is that pull request really OTR, though? From the commits alone I can't tell. E2E and OTR are very different things.

geekgonecrazy commented 6 years ago

@RocketChat/core can someone address the concerns here.

Technically OTR has been in for a while. Now we have E2E encryptions with #10094

Does this issue need to stay open for some specific tasks for OTR? Maybe refactoring OTR to go on top of the e2e?

cc: @engelgabriel

sscotth commented 6 years ago

https://github.com/RocketChat/Rocket.Chat/issues/36#issuecomment-107080470

Off-the-Record (OTR) Messaging

Allows you to have private conversations over instant messaging by providing:

- Encryption: No one else can read your instant messages.
- Authentication: You are assured the correspondent is who you think it is.
- Deniability: The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
- Perfect forward secrecy: If you lose control of your private keys, no previous conversation is compromised.
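
An added sketch, not Rocket.Chat's OTR code, of the authentication and deniability properties quoted above: each message carries a shared-key MAC rather than a signature, and a retired MAC key is published (as OTR does with used MAC keys). The session layout, function names and sample messages are assumptions made for the illustration, and key exchange and encryption are left out.

```javascript
// Added illustration, not Rocket.Chat code. Simplified model of OTR-style
// authentication: a shared-key MAC instead of a digital signature.
const crypto = require('node:crypto');

// Assumption: both parties already agreed on macKey during key exchange.
function newSession() {
  return { macKey: crypto.randomBytes(32), revealedKeys: [] };
}

function tag(macKey, sender, text) {
  return crypto.createHmac('sha256', macKey).update(`${sender}\n${text}`).digest();
}

function send(session, sender, text) {
  return { sender, text, mac: tag(session.macKey, sender, text) };
}

function verify(macKey, msg) {
  const expected = tag(macKey, msg.sender, msg.text);
  return expected.length === msg.mac.length &&
    crypto.timingSafeEqual(expected, msg.mac);
}

// Retire the current MAC key and publish it, as OTR does with used MAC keys.
function rotate(session) {
  session.revealedKeys.push(session.macKey);
  session.macKey = crypto.randomBytes(32);
}

function demo() {
  const s = newSession();
  const genuine = send(s, 'alice', 'meet at noon');          // constructed sample
  const acceptedLive = verify(s.macKey, genuine);            // peer trusts it now
  const tamperDetected = !verify(s.macKey, { ...genuine, text: 'meet at nine' });

  const oldKey = s.macKey;
  rotate(s);                                                 // conversation moves on
  // Anyone reading the published key can now produce a transcript line
  // that checks out against the old key, so a transcript proves nothing.
  const published = s.revealedKeys[0];
  const forged = { sender: 'alice', text: 'constructed forgery',
                   mac: tag(published, 'alice', 'constructed forgery') };
  const transcriptProvesNothing = verify(oldKey, forged);
  const forgeryRejectedLive = !verify(s.macKey, forged);     // live session unaffected
  return { acceptedLive, tamperDetected, transcriptProvesNothing, forgeryRejectedLive };
}
```
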

sscotth commented 6 years ago

@LemonAndroid I don't think the issuer is responsible for submitting the completion claim.

Neustradamus commented 4 years ago

Any news on it?

gustavorps commented 4 years ago

Bountysource decided to update their Terms of Service:

2.13 Bounty Time-Out. If no Solution is accepted within two years after a Bounty is posted, then the Bounty will be withdrawn and the amount posted for the Bounty will be retained by Bountysource. For Bounties posted before June 30, 2018, the Backer may redeploy their Bounty to a new Issue by contacting support@bountysource.com before July 1, 2020. If the Backer does not redeploy their Bounty by the deadline, the Bounty will be withdrawn and the amount posted for the Bounty will be retained by Bountysource.

https://www.bountysource.com/issues/18684038-off-the-record-otr-messaging

HLFH commented 4 years ago

@gustavorps Withdrawn. https://twitter.com/Bountysource/status/1273406549252177920 But RocketChat needs to migrate to another bounty platform.