List of Secure Instant Messengers
This list gives an overview of instant messenger clients that send messages encrypted. Several criteria need to be considered.
Description
Open Source
Encryption algorithms must be transparent, so the open source status of the application is essential. With messengers that do not reveal their source, the user has to trust the company offering the messenger. Only an audit by a community that is able to look into the source can find flaws and failures in the code and check whether the encryption has been implemented properly. In general, it is recommended not to trust closed source encryption.
Decentralized Model
A messenger will fail if a central server is closed or surveilled. For that reason, decentralized server architectures have been developed, either by peer-to-peer technology or by open source chat servers that anyone can set up. An architecture in which messages do not all go through a central server is a big plus with regard to security, because a one-stop shop for surveillance is not as secure as a decentralized model.
Symmetric Encryption
Symmetric encryption uses a kind of passphrase that only the two users know and that is used to decrypt the message. It is a hidden secret, known only to both participants.
Alternatives in Asymmetric Encryption
Asymmetric encryption means that both participants have a private and a public key. The public keys must be exchanged. A mathematical operation then encrypts the message with the public key of the receiver. Mostly the RSA algorithm is used here. As it is based on complex mathematical operations that are not solvable, the encryption might be regarded as safe. But what happens if the complex problem soon becomes a simple one? It is better not to have RSA as the only method, but to have alternatives as well, e.g. ElGamal or NTRU. NTRU is regarded as secure even against quantum computing.
Key Size
The key size describes the length of the needed mathematical operation. Simply put, the longer the key, the longer it takes to try to crack it. Today a key size of 2048 for asymmetric keys is recommended.
Forward Secrecy
Forward secrecy describes the option to change the encryption key every session or even instantly.
Multiencryption
Multiencryption describes several layers of encryption. For example, a symmetric encryption can be added within an asymmetric encryption; the ciphertext is then locked once more with an additional password.
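The layering described above, as an added example that is not part of the original list and not code from any listed messenger: a message is encrypted under a random session key that is wrapped with the recipient's RSA public key, and the result is locked once more under a key derived from an additional password. The function names, the blob layout and the choice of RSA-OAEP, AES-256-GCM and scrypt are assumptions of this sketch.

```javascript
// Added example (not from any listed messenger): layered encryption with Node's crypto.
const nodeCrypto = require('crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// AES-256-GCM; assumed layout: iv (12 bytes) || auth tag (16 bytes) || ciphertext.
function aesGcmEncrypt(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

function aesGcmDecrypt(key, blob) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or the data was modified.
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

function multiEncrypt(recipientPublicKey, password, message) {
  // Layer 1 (asymmetric + symmetric): RSA-OAEP wraps a random session key,
  // and that session key encrypts the message.
  const sessionKey = nodeCrypto.randomBytes(32);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey);
  const inner = Buffer.concat([wrappedKey, aesGcmEncrypt(sessionKey, Buffer.from(message, 'utf8'))]);
  // Layer 2 (additional password): the whole inner blob is encrypted again
  // under a key derived from the password with scrypt and a random salt.
  const salt = nodeCrypto.randomBytes(16);
  return Buffer.concat([salt, aesGcmEncrypt(nodeCrypto.scryptSync(password, salt, 32), inner)]);
}

function multiDecrypt(recipientPrivateKey, password, blob) {
  // Peel the password layer first; a wrong password fails authentication here.
  const outerKey = nodeCrypto.scryptSync(password, blob.subarray(0, 16), 32);
  const inner = aesGcmDecrypt(outerKey, blob.subarray(16));
  // The wrapped session key is as long as the RSA modulus (256 bytes for 2048 bits).
  const wrappedLen = recipientPrivateKey.asymmetricKeyDetails.modulusLength / 8;
  const sessionKey = nodeCrypto.privateDecrypt(
    { key: recipientPrivateKey, ...OAEP }, inner.subarray(0, wrappedLen));
  return aesGcmDecrypt(sessionKey, inner.subarray(wrappedLen)).toString('utf8');
}

// Constructed demo: 2048-bit RSA key pair, made-up password and message.
const demoKeys = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoBlob = multiEncrypt(demoKeys.publicKey, 'constructed-password', 'hello');
console.log(multiDecrypt(demoKeys.privateKey, 'constructed-password', demoBlob));
```

An attacker who obtains the private key still needs the password to reach the inner layer, and the password alone yields only the RSA-wrapped session key and the inner ciphertext.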
Clientside Encryption
The encryption key must be stored on the device of the user, not on a remote server on the web. The plaintext should also be processed into ciphertext on the device of the user. It must happen in the user's hands, not on a remote server.
Groupchat and Filetransfer
Some messengers offer group chat and file transfer. These features, too, should transfer only encrypted bytes.
Key not stuck to IP?
The public key is needed to identify the user. Mostly the user's own IP address is then related to the user's own public key. But there are messengers that do not relate the public key to the user's IP address. This offers more security, as the IP cannot be targeted for getting onto the remote machine, where e.g. the private key is stored too. If an attacker knows the IP related to a public key, he can try to get onto the remote machine and download and decrypt the private key, which then allows decryption of all encrypted communication.
Proxy
Proxies and Tor might help to keep the user's own IP from being related to the public key.
Chat to Offline Users
Messengers without a central server need special means to be able to send messages to friends who are offline. This is mostly done by storing the messages with other friends who are online. As this is quite a convenient feature, some messengers offer it in an encrypted way too.
Transport protocols
Not all messengers support the most common transport protocols such as TCP, UDP and SCTP.
Chatserver open source
As some messengers need a central server, the source of this chat server needs to be published, so that this bridge, which a message passes over, is transparent and auditable as well. As for the client, the claim should be that this part of the software is open source too.
Table Overview of Secure Messengers
Client Name | Open Source License | Without Central Server | Symmetric Encryption (e.g. AES, DSA) | Asym.: RSA | Asym.: NTRU | Asym.: ElGamal | Default Asym. Keysize | Max. Asymm. Keysize | Forward Secrecy | Multi-Encryption | Clientside Encryption | Encrypted Groupchat | Encrypted Filetransfer | Public Key not stuck to IP? | Proxy /Tor | Chat to offliners | TCP | UDP | SCTP | Serversoftware open source | Website |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
BitMail [1] | BSD | yes | yes | yes | no | no | 2048 | 8192 | yes | yes | yes | yes | no | yes | yes | yes | yes | yes | no | yes | http://bitmail.sf.net |
Chadder [2] | no | no | no | no | no | no | ? | ? | no | no | ? | no | no | no | no | no | yes | no | no | no | http://etransfr.com/products.html |
Chatsecure | GPLv3+ / Apache 2.0 | yes | no | yes | no | no | 1028 | 1028 | yes | no | yes | no | no | no | yes | no | yes | no | no | yes | https://chatsecure.org/ |
CryptoCat | yes | no | no | yes | no | no | 1028 | 2048 | yes | no | yes | no | no | no | yes | no | yes | no | no | yes | https://crypto.cat/ |
FireFloo [3] | BSD | yes | yes | yes | no | yes | 2048 | 8192 | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | https://firefloo.sf.net |
Folpy [4] | GPL v3 | yes | no | yes | no | no | 1024 | 1024 | no | no | yes | no | yes | no | no | no | yes | yes | no | yes | https://bitbucket.org/folpy/folpy |
GoldBug [5] | BSD | yes | yes | yes | no | yes | 2048 | 8192 | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | https://goldbug.sf.net |
Hemlis [6] | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | http://heml.is |
Kontalk [7] | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | ? | http://kontalk.org |
Kik [8] | no | no | no | ? | no | no | ? | ? | ? | no | ? | no | ? | yes | no | ? | yes | ? | no | no | http://kik.com |
Myenigma [9] | no | no | yes | yes | no | no | 2048 | 2048 | yes | no | yes | no | no | yes | ? | yes | TCP | ? | no | no | https://www.myenigma.com |
RetroShare [10] | GPL | yes | no | yes | no | no | 2048 | ? | no | no | yes | yes | yes | no | no | no | yes | yes | no | yes | https://retroshare.sf.net |
SecuXabber | GPLv3 | yes | no | yes | no | no | 1024 | 2048 | yes | no | yes | no | no | no | ? | no | yes | no | no | yes | http://sourceforge.net/projects/secuxabber/ |
Spot-on [11] | BSD | yes | yes | yes | no | yes | 2048 | 8192 | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | https://spot-on.sf.net |
SureSpot [12] | GPLv3 | yes | no | yes | no | no | 1024 | 2048 | yes | no | yes | no | no | no | ? | no | yes | no | no | yes | https://www.surespot.me |
Telegram [13] | no | yes | no | yes | no | no | 1024 | 2048 | yes | no | yes | no | no | no | ? | no | yes | no | no | yes | https://www.telegram.org |
TextSecure | GPLv3 | yes | no | yes | no | no | 2048 | 2048 | yes | no | yes | no | no | no | ? | no | yes | no | no | yes | https://github.com/WhisperSystems/TextSecure/ |
Threema | Public Domain (encryption library only) | no | no | yes | no | no | 2048 | 2048 | transport layer | yes | yes | yes | no | yes | no | yes | yes | no | no | no | https://threema.ch |
Waste | GPL | yes | no | yes | no | no | 1024 | 1024 | no | no | yes | no | yes | no | no | no | yes | no | no | yes | https://waste.sf.net |
WhistleIM | no | no | no | yes | no | no | ? | ? | no | no | no | no | no | no | no | no | yes | no | no | no | https://whistle.im |
Bleep | no | no | no | yes | no | no | ? | ? | no | no | no | no | no | no | no | no | yes | no | no | no | https://bleep.bittorrent.com |
SimsMe | no | no | no | yes | no | no | ? | ? | no | no | no | no | no | no | no | no | yes | no | no | no | https://sims.me |