It's a neat idea, but I hope nobody uses it for anything actually sensitive until the crypto is fixed:<p>The app uses counter mode encryption with no nonce. In counter mode, the encryption process uses a stream of pseudo-random bytes generated by encrypting an incrementing counter with the secret key. The message is then XORed against this keystream.<p>For this to be secure, you need the keystream to be different for each message. Otherwise, if you have multiple messages where the plaintext is XORed against the same keystream, you can take the XOR of any two ciphertexts, and you have:<p><pre><code> C1 ^ C2 = (P1 ^ K) ^ (P2 ^ K)
= (P1 ^ P2) ^ (K ^ K)
= (P1 ^ P2) ^ 0
= P1 ^ P2
</code></pre>
And now you can break that by statistical techniques, or just trial and error.<p>(Obligatory crypto challenges link: <a href="http://cryptopals.com/sets/3/" rel="nofollow">http://cryptopals.com/sets/3/</a> )
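An added illustration of the comment's point, not code from the app or the commenter: a minimal CTR mode where HMAC-SHA256 stands in for the block cipher (an assumption for a self-contained example), showing that with a reused keystream C1 ^ C2 collapses to P1 ^ P2, and that a fresh random nonce per message removes the relation.

```python
import hashlib
import hmac
import os

NONCE_LEN = 8  # nonce size chosen for this example


def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR keystream: PRF(key, nonce || counter) for counter = 0, 1, 2, ...
    HMAC-SHA256 stands in for the block cipher here (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Raw CTR is unauthenticated; a real design also needs a MAC.
    return xor_bytes(plaintext, ctr_keystream(key, nonce, len(plaintext)))


# The weakness described above: every message uses the same key and the same
# (or no) nonce, so the keystream K cancels and C1 ^ C2 == P1 ^ P2.
def ciphertext_xor(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    return xor_bytes(ctr_encrypt(key, nonce, p1), ctr_encrypt(key, nonce, p2))


# The fix: a fresh random nonce per message, transmitted with the ciphertext.
def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + ctr_encrypt(key, nonce, plaintext)


def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return ctr_encrypt(key, nonce, ciphertext)  # CTR decryption is the same XOR


def keystream_reused(blob1: bytes, blob2: bytes) -> bool:
    """Review check: two messages under one key sharing a nonce share a keystream."""
    return blob1[:NONCE_LEN] == blob2[:NONCE_LEN]
```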
A major problem with using ICMP is that you'll "stand out like a turd in a punch bowl!" (apologies to the movie Up the Academy).<p>ICMP is used for a limited number of very specific things. If you appropriate it for more general use, your traffic will stand out. Look at me! Look at me! Look at me! If you're using crypto, I think rule #1 should be to blend in, to <i>not</i> call extra attention to yourself.<p>I'd rather start my communication by sending a TCP packet to port 443. Just like billions of TCP sessions start every day. That doesn't help you if someone is specifically targeting you, but it <i>might</i> keep you from being noticed initially.
Nice to see experimentation in this direction.<p>Another P2P chat project (webRTC this time): <a href="https://github.com/mehrvarz/rtcchat" rel="nofollow">https://github.com/mehrvarz/rtcchat</a>