0

I'm currently thinking about writing a text/voice chat tool that is fully e2e encrypted and runs on Android, iOS, Linux, OSX and Windows. (Btw if you know a tool that already does all of these things and is pretty much plug-and-play, please let me know!)
And at the moment I'm asking myself if I really need to route every message and every call through centralized a server. Wouldn't P2P be much more efficient?
This is the list of cons and pros that I could think about for P2P:

Cons

  • exposes the users IP address
  • both the sender and the receiver have to be online at the same time to exchange a message
  • IP address changes cause disconnects

Pros

  • lower latency
  • fewer points of connection failure
  • higher quality calls
  • server doesn't need to be as big
  • more security (less potential interception points, data can't accidentally be stored on the server etc)
  • temporary down-times of the server wouldn't matter too much.

Well I came to the conclusion that I should give the user an option to choose between the two.
But would it even be worth the effort?
I remember having a ton of problems (especially with computer games) that used P2P connections. A lot of the times it didn't seem possible without forwarding ports in your router...
Now I'm wondering if there are any issues with this on the mobile Internet because I've never seen a mobile port forwarding option or the like.

Forivin
  • 14,780
  • 27
  • 106
  • 199
  • Why the close votes? – Forivin Dec 16 '15 at 16:28
  • How will you exchange encryption keys between clients? How will you protect the metadata on the server? – zaph Dec 16 '15 at 17:29
  • @zaph I'm not sure yet, but I'm all for very good and safe encryption. There will definitely be a new encryption key for every message and everything will be end-to-end encrypted, so that there will be no rational way to implement a backdoor. The server will store as little data as possible and passwords won't be stored in plain text etc. – Forivin Dec 16 '15 at 18:16
  • If there will be a "new encryption key for every message" how will the communication devices share that key? Nice that "server will store as little data as possible" but what will you do when you are served a subpoena? – zaph Dec 16 '15 at 18:29
  • I'm not exactly sure what you mean, but the key exchange shouldn't be a problem. I'll probably do something similar to how it's done in SSL. So there will be a private and a public key and the private key will obviously never leave the clients device and the public keys cannot be used for decryption. I would also make the whole thing open source so that there really is no way that I could be forced to secretly implement a backdoor. And in case of a subpoena.. there is not much I could do because there is almost no data on the server. User ids, Hashed passwords, IPs of active clients. – Forivin Dec 17 '15 at 10:57
  • I was thinking about not even storing the users email address, unless he/she wants a way to reset the password if he/she forgets it. – Forivin Dec 17 '15 at 11:00
  • The problem with passwords is they are forgotten, especially if there are restrictions that force a difficult password. Users will forget, many users have given up on remembering the passwords and just rely on the password reset when it is needed. – zaph Dec 17 '15 at 12:24
  • So each user will create a key pair and where will they sent the public key? The public key is not secret but there must be authentication that it is the correct one. How will autnetication be made and used? How will commucations be initiated? In general the encryption and communications are very difficult. You need to get that worked out and vetted by a domain expert. – zaph Dec 17 '15 at 12:48
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/98244/discussion-between-forivin-and-zaph). – Forivin Dec 17 '15 at 14:14
  • The design of the whole scheme is a non-trivial, both the communications and security. You need to diagram out the commutations with tools like sequence diagrams. It is a lot more that a discussion can handle. – zaph Dec 17 '15 at 16:03
  • We're still having a discussion though and it doesn't really belong in the comment section. And the encryption part is pretty straight forward actually. There are hundreds of libraries that take are of all the dirty work. Things like OTR for example are really great. – Forivin Dec 17 '15 at 17:48

0 Answers0