Doesn't use AES, but have you seen signal? Written in part by the very skilled moxie, using the currently uncracked whisper algorithm. Very secure, only asks for phone number from phone it's installed on. Highly recommend

@deadPix3l Yeah I have heard of that, but I don't like the fact that you need to share your phone number. It's better if you don't need to share anything.

@bettehem I get that but with Android permissions being how they are, just about any app could get your number if they wanted. At least they use it responsibly (from what I can tell), are explicit about needing it and for what, and offer useful features in return.

Personal opinion: is unreasonable to expect a messaging app to not obtain your phone number, as I litterally can't think of one that doesn't currently.

@deadPix3l that's exactly what this app is attempting to change. A phone number could be something that can be added optionally to get features that use it, but the point being, that it's not mandatory to share anything with anyone.
Also, even if it's easy to obtain a phone number on an Android device, it doesn't mean that we should do it?

Isn't keybase like this? You can start chatting with out adding anything, fully encrypted and shits.

You can 'validate' your user with several things but they are all optionalm

@bettehem I'd create a second signal without the phone number part.

Because their encryption algo is the strongest one in this world and its open source!

so you're rewriting Ring?
https://ring.cx/
I know that there's another one, but I'm to lazy to look up it's name

There's also Wire, which is pretty great already (AND doesn't require a phone name)

@linuxxx interesting idea, but I want to create my own app from scratch so I can learn more.

I think this project idea suffers from "paranoid programmer syndrome". I goes something like this:

There's plenty of encryption/secure messaging/security apps out there, but we can't trust any of them. Wouldn't it be great to make a new one we can trust?! Yea it would. Small problem: you write this app, so obviously you trust it, but to your target audience ( a bunch of paranoid crypto nerds who don't trust the alternatives) you're just another peice of software they didn't write. Can they trust it? Probably not. So they will write their own secure messaging software. One they can trust. Just like you did.

And it ends with a messaging platform that doesn't achieve it's purpose, because only you use it, and there's nobody for you to message, because they all went and wrote their own platform.

It's not a criticism. been there, done that. Just making an observation.

@bettehem I understand that but please don't employ your own crypto!

Google released an end to end encryption library called capillary. You might look into that too..
not sure if the word 'google' really resonates with 'privacy' tho 😂

Fun fact: most encrpytion failures, bugs, or breaches don't happen due to the algorithm being weak or over asking for data. It's usually because people set out to be secure and don't use the library properly. Or worse, they don't use a library at all. Implementation is often the killer.

I write a lot of crypto code. A lot. It's fun! That said, I wouldn't trust anything I've written to secure sensitive data. Leave that to real cryptographers like moxie(signal), Phil Zimmerman(pgp), etc. These people spend their lives getting it right. And sometimes still don't.

I promise any attempt you make to be more secure than existing solutions will have the opposite effect.

@bettehem riot.im?