[GPC] OWASP Project (maybe?): Cryttr - Encrypted Twitter
Mark Roxberry
mark.roxberry at owasp.org
Wed Jun 17 14:09:50 EDT 2009
I agree and we do plan to move it to a more open platform.
Silverlight answered our immediate need (crypto on client, iso
storage, deployment) and the cryttr site is just an implementation
example (what we used IRL). I'd like to separate out the components so
that the crypto client piece is agnostic and open and anyone can build
a UI for it. I'm working on a similar client for Android.
On Wednesday, June 17, 2009, Matt Tesauro <mtesauro at gmail.com> wrote:
> A couple of comments:
>
> * If you have concerns about violating any Terms of Service, you should
> consider doing this for more open platforms. Your suggestion for
> Wordpress is one that is open and easily extended. You might also look
> at Identi.ca (http://identi.ca/) which is an AGPL [1] micro blog (i.e.
> twitter clone)
>
> * How widespread is Silverlight? Would this work on my Linux and OS X
> boxes? I know Mono has some support for Silverlight but my experience
> with Mono is that it's hit and miss generally.
>
> * I can't even see the site https://www.cryttr.com without Silverlight.
>
> * This reminds me of OTR a plugin for Pidgin which accomplishes a
> similar thing for IM: http://www.cypherpunks.ca/otr/
>
> I really like the idea - just wondering if a more cross-platform
> solution would be easier for adoption, etc.
>
> [1] http://www.fsf.org/licensing/licenses/agpl-3.0.html
>
> -- Matt Tesauro
> OWASP Live CD Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
>
> Boberski, Michael [USA] wrote:
>> Unsolicited $0.02, but you may want to be a little careful with this.
>> Using such a client may be trespassing. Using any client or API besides
>> the one(s) provided by the service provider is trespassing according to
>> most service providers' user agreements. I'm not a lawyer, but had
>> explored this type of thing in the instant messaging space while working
>> in R&D at a commercial security product company a long time ago, before
>> the services started opening up. Perhaps(?) less important, you may want
>> to see if you're implementing an already patented idea, looking at
>> Twitter more generically as a broadcast IM/messaging service.
>>
>> Mike B.
>>
>>
>> ------------------------------------------------------------------------
>> *From:* global-projects-committee-bounces at lists.owasp.org
>> [mailto:global-projects-committee-bounces at lists.owasp.org] *On Behalf Of
>> *Mark Roxberry
>> *Sent:* Wednesday, June 17, 2009 10:31 AM
>> *To:* dinis cruz; Coimbra,Paulo; Global Projects Committee
>> *Cc:* Gary Burns
>> *Subject:* [GPC] OWASP Project (maybe?): Cryttr - Encrypted Twitter
>>
>> I wanted to put this out there as a project that Gary Burns and I were
>> working on earlier this year. We were in need of a way to do some
>> encrypted messaging to a group of distributed people with as little
>> overhead as possible. We threw together a Twitter client that encrypted
>> our "tweets" with a shared password (not the twitter account password).
>> We have not built a password exchange mechanism as we were simply
>> exchanging the password out-of-band. That part is important, but as a
>> proof of concept, we did get an Alpha version working.
>>
>> We shelved the idea for a few months, but after seeing the recent news
>> re: Iranian elections and the importance of async messaging
>> (http://blogs.wsj.com/digits/2009/06/16/twitter-retains-spotlight-in-iran-coverage/),
>> we thought we might put the idea/code/tool out to people. I know we
>> need a timeline view, password exchange, maybe a proxy to set up
>> accounts. Other ideas are welcome (and full on criticism, too). Gary
>> and I are also considering creating clients for all types of web
>> properties that have a posting API (e.g. Blogger, WP, etc.), if this is
>> a viable idea. If it is a viable idea and OWASP worthy, we would be
>> happy to promote it as an OWASP project.
>>
>> Here's our current roadmap
>>
>> * Create a timeline screen and poll for updates
>> * Create a front end for encrypting and decrypting user input using
>> AES.
>> * Create a provider model to access popular blog APIs.
>> * Create a provider model to subscribe to syndicated feed types,
>> e.g. RSS, ATOM.
>> * Provide the ability to serialize and transfer documents as "posts".
>> * Develop an out of band method for key exchange
>>
>>
>> Here are the links:
>>
>> Proof of Concept site:
>>
>> https://www.cryttr.com
>>
>> Code site:
>>
>> http://www.codeplex.com/cryttr
>>
>> It is open source and you can host it on your server. The client is
>> Silverlight, so data is entered on the client and messages are encrypted
>> on the client. The POC site uses SSL for the client to post to a web
>> service that posts to Twitter (using Twitter's services via SSL).
>>
>> We would appreciate any feedback.
>>
>> Regards,
>>
>> Mark
>>
>
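The shared-password scheme discussed in this thread (AES on the client, password exchanged out-of-band, ciphertext posted as an ordinary tweet), sketched as an added example that is not Cryttr's code and not part of the original messages. The PBKDF2 key derivation, the GCM mode, the envelope layout, the iteration count and all function names are assumptions; the 140-character figure is Twitter's post limit at the time.

```javascript
const nodeCrypto = require('crypto');

const TWEET_LIMIT = 140;        // Twitter's post limit in 2009
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;
const KDF_ITERATIONS = 200000;  // assumed work factor, tune for the client device

// Stretch the out-of-band shared password into a 256-bit AES key.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Largest plaintext (in bytes) whose base64 envelope still fits in one post.
function maxPlaintextBytes(limit = TWEET_LIMIT) {
  const rawBudget = Math.floor(limit / 4) * 3;  // base64: 4 chars per 3 bytes
  return rawBudget - SALT_LEN - IV_LEN - TAG_LEN;
}

// Envelope (assumed layout): base64(salt || iv || tag || ciphertext).
// Salt and IV are fresh for every post, so equal messages never look equal.
function encryptPost(password, message) {
  const plaintext = Buffer.from(message, 'utf8');
  if (plaintext.length > maxPlaintextBytes()) {
    throw new RangeError('message too long for one encrypted post');
  }
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64');
}

// Returns the plaintext, or null when the password is wrong or the post was altered.
function decryptPost(password, post) {
  const raw = Buffer.from(post, 'base64');
  const header = SALT_LEN + IV_LEN + TAG_LEN;
  if (raw.length < header) return null;
  const salt = raw.subarray(0, SALT_LEN);
  const iv = raw.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = raw.subarray(SALT_LEN + IV_LEN, header);
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
    decipher.setAuthTag(tag);
    const plain = Buffer.concat([decipher.update(raw.subarray(header)), decipher.final()]);
    return plain.toString('utf8');
  } catch (err) {
    return null;  // GCM authentication failed
  }
}
```

The per-post salt, IV and authentication tag cost 44 bytes, so `maxPlaintextBytes()` shows how little of a 140-character post is left for the message itself once it is authenticated and base64-encoded.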