Secure Chatting ~ CYPH Encrypted Messenger

Ever wondered about the platform to use when wanted to rely on secure messaging, encrypted connection, secure file sharing and VOIP? Well, we have been wondering about it too. With this article we’ll start presenting different approaches, solutions and platforms that could assure you a certain level of privacy for all your endeavours.

Cyph ~ Encrypted Messenger

Cyph is end-to-end encrypted using our patent-pending Castle messaging protocol. Castle is an encryption protocol inspired by the classic Off-the-Record (OTR), with a number of architectural details influenced by Open Whisper Systems’ Signal Protocol — such as the use of elliptic curves (ECDH/Curve25519).

The major departure that Castle takes from these other solutions is that it’s been designed to theoretically withstand an attack from a quantum computer running Shor’s algorithm (50 – 100 years from now). This is thanks to our incorporation of the post-quantum cipher NTRU, along with lower-level details such as a unique public key authentication technique that mitigates the theoretical strengths of a quantum computer. This helps ensure that your now-private conversations won’t one day suddenly become public after an accident of science.

Fun fact: to crack a single Castle message would require 1038 Tianhe-2 supercomputers running for the lifetime of the universe.

Anonymity via Tor Hidden Service

Just connect to the Tor network and navigate to cyphdbyhiddenbhs.onion (“cyph’d by hidden backbone host server”). While this won’t totally eliminate communication metadata in the way that solutions like Ricochet are designed to, it does very effectively obfuscate the origin of any traffic you send to Cyph.

Important note: Tor Browser Bundle is not currently supported. A bug in Firefox Private Browsing mode (which TBB depends on) currently causes it to misbehave when confronted with our TOFU implementation, and subsequently block any access to Cyph.

Video Calling and File Transfers

Voice/video calling is encrypted using a direct peer-to-peer DTLS-SRTP session between the clients, with public key authenticity assured by means of a fingerprint exchange via WebRTC signaling within the original Castle session.

File transfers are encrypted symmetrically using a one-time XSalsa20 key, which is distributed from the sender to any recipients through Castle.

Important note: unlike file transfers and standard Cyph messages, voice/video calling is in fact theoretically vulnerable to quantum computing attacks, due to a property of the WebRTC specification that (by design) blocks us from protecting the entire key exchange within our Castle session.

Application Integrity Validation

Cyph application packages are verified at run-time using our patent-pending browser-based Trust on First Use code signing framework, WebSign. WebSign will protect you even in the event that our servers and/or your TLS session are compromised.

Until we solved it, addressing this had long been considered an intractable problem, which is why you’ll commonly see advice to avoid any product claiming to offer private communication or other cryptographic protection from within a web app (e.g. MEGAChat by Mega.nz, ProtonMail, etc.). With the sole exception of Cyph, such advice should be taken very seriously.

No Signup or Downloads Required

Cyph is extremely simple for anybody to use, and runs anywhere in one click — no installation or registration required. This makes it very easy to jump right into using, or to deploy to any new device (in addition to completely eliminating any potential hassle for friends with whom you intend to engage in encrypted communications).

Cross-Platform — Works on Any Device

Since Cyph runs right in your browser (being, quite literally, the only secure web app in existence; see “Application Integrity Validation”), you can use it from your desktop, laptop, phone, or tablet — just about any relatively recent device! We’ve got native mobile and desktop apps in the works as well, so be sure to keep an eye out for when you can download Cyph.

Summary of the above

We have tried Cyph several times, by initiating the platform, sharing the link with the person called and by using Cyphs’ excellent messenger. I think you should try it too.

Any other secure messaging applications available? See the video below or read our other Security articles >

If you would need any additional support?

Please find CONNECT 2u2 Web Professional services below. Our servers are secured by Let’s Encrypt SSL’s and whenever a customer applies for a new package, hosting plan, domain name (hosted with us) or later sub-domain – all content is safe and secured by fully validated SSL Certificates.