Introduction
If you are a corporate user or someone who is concerned about the security of your conversations, Cryptor is the web application you have been waiting for.
Cryptor is a messaging web application that allows you to chat with your friends and/or partners with total confidence, without worrying that others can see your conversations.
Background
Messaging services used today do not offer sufficient security to users. If an account gets hacked, the user can easily recover access to the account, but the information in it (important information, trade secrets, etc.) may already have been seen by others.
As a security measure, these messaging services recommend using the HTTPS protocol, which only protects your conversations while they are being sent to the server. But what if the attacker gets your password? Then the use of HTTPS would be useless.
So, what does Cryptor do?
The program encrypts your conversations at user level, so HTTPS is not necessary. The conversations are also stored as encrypted data, so no one can see your conversations except you.
But what if someone accesses my account without permission?
The intruder will only see meaningless strings, because your conversations will be encrypted.
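One way to do the user-level encryption described above, as an added example that is not Cryptor's own code. It assumes the Web Crypto API, a passphrase that never leaves the browser, PBKDF2 for key derivation and AES-GCM for the message; the function names, the record layout and the `context` string are hypothetical.

```javascript
// Added example (not Cryptor's code). Web Crypto: window.crypto in browsers,
// node:crypto's webcrypto when the same file is run under Node.
const wc = globalThis.crypto || require('node:crypto').webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();
const toB64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));
const KDF_ITERATIONS = 100000; // assumed work factor, tune for the target devices

// Derive a non-extractable AES-256-GCM key from the user's passphrase.
async function deriveKey(passphrase, salt) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: KDF_ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt one message. `context` (e.g. "sender->recipient") is authenticated
// but not encrypted, so a record cannot be replayed into another conversation.
async function encryptMessage(passphrase, plaintext, context) {
  const salt = wc.getRandomValues(new Uint8Array(16)); // fresh per message
  const iv = wc.getRandomValues(new Uint8Array(12));   // never reused with a key
  const key = await deriveKey(passphrase, salt);
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv, additionalData: enc.encode(context) },
    key, enc.encode(plaintext));
  return { v: 1, salt: toB64(salt), iv: toB64(iv), ct: toB64(ct) };
}

// Returns the plaintext, or null if the passphrase or context is wrong
// or the stored record was modified (the GCM tag check fails).
async function decryptMessage(passphrase, record, context) {
  const key = await deriveKey(passphrase, fromB64(record.salt));
  try {
    const pt = await wc.subtle.decrypt(
      { name: 'AES-GCM', iv: fromB64(record.iv), additionalData: enc.encode(context) },
      key, fromB64(record.ct));
    return dec.decode(pt);
  } catch (e) {
    return null;
  }
}
```

Only the returned record would be sent to and stored by the server. Because the key is derived inside the page, this protection depends on the script itself reaching the browser unmodified.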
How might Azure benefit the project?
Azure is a rock-solid platform that provides us with great performance and scalability. With its support for various technologies, we will rapidly finish Cryptor and extend it to the cloud.
Using the code
We will use easy-to-understand JavaScript functions to communicate with the server, but the code will be obfuscated and compressed for production.
For example, we will get the current user's contacts with the following function:

    // Fetch the current user's contacts and hand them to the UI.
    this.getContacts = function() {
        $.post("messages.php", {a: "contacts"}).done(function(data) {
            try {
                // The server replies with JSON-encoded contacts.
                var contacts = $.parseJSON(data);
                addContacts(contacts);
            } catch (e) {
                console.log('Unable to get contacts from server');
            }
        });
    };

We will use a smarter way to report user status to the server than simply reporting every x seconds:

    this.report = function() {
        console.log('Reporting...');
        // Stop the periodic report after 300 seconds without user activity.
        if (unixTime() - this.lastMove >= 300) {
            console.log('Timeout reached, clearing interval');
            clearInterval(this.reporting);
            this.reporting = null;
        }
        $.post("messages.php", {a: "report"}).done(function(data) {
            try {
                var contacts = $.parseJSON(data);
                for (var i = 0; i < contacts.length; i++) {
                    var c = contacts[i];
                    // c.s === "0" means the contact is offline.
                    var status = (c.s === "0") ? 'stDisabled' : 'stEnabled';
                    // Compare the usr attribute as a string instead of
                    // concatenating the server-supplied value into a selector.
                    $('[usr]').filter(function() {
                        return $(this).attr('usr') === String(c.u);
                    }).children('.usrStatus')
                        .removeClass('stEnabled stDisabled')
                        .addClass(status);
                }
            } catch (e) {
                console.log('Unable to report user to server');
            }
        });
    };

Points of Interest
Why not just create an extension for Facebook or similar sites?
We've already tried that: some time ago we created a private-use add-on, but that creates a dependency on the messaging system, so if something in Facebook changes, the add-on stops working. There are also some license restrictions on messaging sites, and the security of the conversations may be compromised by the messaging service.
History
0.1 Initial version: UI design, database design, some JavaScript and PHP functions.