Simple End-to-End Encryption
Until WhatsApp had incorporated the Signal protocol, wide scale adoption of end-to-end encryption was nil. Yet, WhatsApp left the burden of authentication on the unsuspecting users (link). A new end-to-end encryption mobile app Crosspass incorporates authentication in a natural flow, such that it is always performed by users.
Crosspass positions itself not as an Instant Messenger, but as an app to send a single note, with sending passwords being a primary use case. The authentication is being enforced by virtue of the recipient typing a four digit PIN code in order to view a shared password or note.
Crosspass has the same UX as sending email to someone new. That’s because a Crosspass note can be composed before the receiving party installs the Crosspass app. The Lookup and PIN can be embedded already in the first email. But WhatsApp, other IMs, and PGP plugins, all require that the recipient should already be using the same system on the receiving end.
Crosspass is safer than other IMs. In order to intercept an exchange a MITM would have to guess a PIN which is as difficult as guessing 11 coin flips in a row. In contrast, WhatsApp et al. could MITM any conversation without difficulty by serving rogue public keys.
Crosspass is on the App Store and Play Store. More details are on the website https://crosspass.app.
