Message Board: http://memento.minuteboard.com/m/b/a/index.html
or via Email.
High Security Ephemeral Messaging App (beta phase)
* End to End Encryption (using SSL)
* Message Layer Encryption (using Diffie-Hellman Key Exchange and AES)
* Provides Perfect Forward Secrecy (by using one-time keys for every message)
* No Persistence (Neither Key Material nor the messages are ever written to disk)
* Big Red Panic Button (Wipe yourself from the memento System)
* Optional: Self hosted server solution (Contact the author)
Q: What about the beta phase? Is memento actually secure or not?
A: The security critical parts of the app have been finished; the beta phase is about the user interface and server stability.
Q: How to add a contact?
A: Make sure you have the mobile phone number of your contact stored in your Android contact list, or add the name by clicking on the green plus sign in the contact list and entering the name of your contact.
Q: How to authenticate a contact?
A: Long-press on the name of the contact you want to authenticate on the contact list. Choose between manual and QR code based authentication.
Q: Why is this better than using OTR?
A: OTR is a good solution for synchronous messaging. This app allows sending messages even if your contact is offline.
Q: Why is this better than other apps that provide PFS?
A: Because none of those apps tell you how they manage the key material. Most of them silently write the temporary private keys to your smartphone, neglecting the fact that it is impossible to securely delete this data later on.
Q: Why should I trust this app?
A: Don't; rather, see for yourself. I am providing the source code for the client and the server. Please tell me if you find any security-related issues. Those will be fixed immediately.
Q: Ok, so how secure is this app really?
1. There are no significant known attacks on AES-128 & AES-256. For further reading: https://www.schneier.com/blog/archives/2012/03/can_the_nsa_bre.html
2. The Diffie-Hellman Key Exchange, which is used for the generation of a shared secret, is considered equally secure.
3. The Smartphone itself is the weakest link in this cryptosystem. Since authentication is bound to the device, losing it means the finder could use the memento account on your behalf.
4. Since neither the ephemeral key material nor the messages are ever saved to a disk, they are gone when the memory is wiped.
5. I have yet to see a more secure mobile messaging solution.
* :) / :-)