davidgfnet / whatsapp-purple

WhatsApp protocol implementation for libpurple (pidgin)

Implementing WhisperSystem encryption #181

Open ThYpHo0n opened 10 years ago

ThYpHo0n commented 10 years ago

WhisperSystem just announced that they will partner with WhatsApp and that they will include their end-to-end encryption in WhatsApp soon: https://whispersystems.org/blog/whatsapp/

We should be aware of it and check if we can easily implement their encryption in this plugin. They have public GitHub repos available: https://github.com/whispersystems/textsecure

dequis commented 9 years ago

The original implementation of axolotl was split off to its own repo: https://github.com/WhisperSystems/libaxolotl-android

It was ported to Python by the yowsup dev: https://github.com/tgalal/python-axolotl

And it's being ported to lolphp by the whatsapi dev: https://github.com/mgp25/libaxolotl-php

Apparently only the official Android client has this implemented, and since whatsapp-purple imitates the Windows Phone version of WhatsApp, we might not need this yet.

According to GitHub's language statistics, 40% of the libaxolotl-android code is C and the rest is Java; porting it to C++ doesn't seem too terrible.

dequis commented 9 years ago

C++/Qt port here: https://github.com/CODeRUS/libaxolotl

ThYpHo0n commented 9 years ago

There is an official lib from WhisperSystems: https://github.com/WhisperSystems/AxolotlKit

I may take a look into this later this week.

dequis commented 9 years ago

That's Objective-C, with a bunch of Mac OS X / iOS specific dependencies.

davidgfnet commented 9 years ago

I fckin hate reinventing the wheel. They had TLS, they went for their weird cipher auth. They had OTR and they went for this weird sms protocol. Same for XMPP, HTTP....

dequis commented 9 years ago

Nah, I think it's okay in this case. OTR doesn't work for async use cases; you need both users to be online for it to work. I think (but I'm not sure) that axolotl also covers group chats.

davidgfnet commented 9 years ago

Well... PGP? Anyway, I'll take a look at it later. Summarizing a bit: how are peer keys created/exchanged?