Protect your Chat privacy: Design idea of external encryption software

Instant Messaging tools (commonly used for chat software and internet telephony software) are increasingly used by modern people, mainly because it is convenient, with the mobile phone 3G technology promotion, real-time mobile online ability, so that you even walk intermittently are "no", MSN, QQ has become the city of new and new human life signs. The high speed of information communication, make people think less time, character become urgent noise, a lot of words often blurted out, a lot of information inadvertently is not known by people know, do not want to be heard by the broadcast, do not want to be seen by the live ... More and more people are looking for the ability to encrypt the chat software.

Some people recommend the chat software's own encryption communication function, so do some of the self-deception. When a large number of chat records are exposed, private comments are published in front of people, embarrassing, shame, and you often do not know what is wrong. The reason is: this kind of encryption can not prevent the person who knows your chat password (may be a weak password is guessed, can also be stolen by Trojans), also can not stop those who provide you with chat services (service managers are usually very high privileges).

Encryption does not really "end-to-end", can not be controlled, the user's heart does not collapse ...

"Mobile phone" in a sentence to the effect is: when people no longer believe the media as a tool for communication, how do we express our truth? Who'd you dare to talk to?

Chat communication encryption and file storage encryption is not the same, mainly in the way of work on the time required. We say a word, the other side of a half-day no response, there is no interest in communication. For text-style chats, we can wait more than 30 seconds, because people type typing with intermittent time, this allows many people to chat with multiple people at the same time, the network phone (audio streaming) is generally one-to-one, and so on 3 seconds is difficult to endure (some like the foreign phone), and network video is real-time, With a 0.3-second delay, it is estimated that it will be difficult to satisfy.

Sensitive to time, the need to encrypt the way can not be too complex, and the encryption algorithm is not complex easy to be cracked, this is contradictory.

The current popular chat encryption method has the following several:

1, communication software tools to encrypt themselves: such as MSN, QQ, Skypi have their own encryption options, this way is the most direct, but the defect is also obvious:

A the encryption algorithm can be said to be basically fixed, public, it is easy to search the Internet

b The encryption strength relies on the software developer, easy to become the amateur cracked "exercises"

c because a lot of communication software has a centralized control server, responsible for the management of chat communication, for the management, he not only can know your password, and can record all your chat records

2, Special External encryption tool: For different chat software has "third-party" special encryption tools, such as Msnshell, ENCQQ, and so on, they work in the Chat tool user interface, the communication of the user information encryption, but does not affect the normal use of chat tools. The biggest advantage of this approach is that the chat tool can no longer see your chat content, the disadvantage is:

A The encryption tool is private and will be upgraded as the chat tool is upgraded, otherwise there is a compatibility issue

b) must chat both sides to install and start the plug-in tool

C This way can be said to be end-to-end encryption, because the encryption software is for a chat software, if the chat software developers do not want to be "overhead", the organization is not very difficult to decrypt the

Chat encryption has a common misconception: that the low-level link encryption can ensure that their information is not tapped, this is wrong. The chat tool is generally a service tool on the public network, is point-to-point communication, but the middle of the management is responsible for communication management (content transmission is peer-to-peer, but the control can be monitored), link encryption is only to protect your information in the transmission without eavesdropping, for the upper application, the information has become "clear"

"Encryption" can give users the core of security is: The user's own encryption is controllable, one can dynamically choose the algorithm and password. This can not only avoid the supervision of the Monitoring Department, the most important is the user himself "rest assured." Second, the user firmly believe that the encryption method is absolutely reliable, such as RSA, 3DES encryption algorithms, a short time to decipher is difficult.

This column more highlights: http://www.bianceng.cnhttp://www.bianceng.cn/Network/Security/