Hi,
 
I have developed a chat application using WCF (with TCP communication). In that application I am using the encryption and decryption provided by C# .NET Cryptography, adding my key to all messages while sending and receiving messages on the client form.
Questions:
Is it possible for a network administrator to find all chat messages? OR
Can he / she read those chat messages? OR
Can chat messages / network communications be logged on the server?
 
If yes, how can that log be viewed?
Posted 4-Jan-12 19:11pm

1 solution


Solution 1

The answer depends on the way you do it. If you use public-key cryptography (http://en.wikipedia.org/wiki/Public-key_cryptography) (such as RSA) and do it right, nobody can read the message after it is read and discarded by a client; being administrator or not is irrelevant here.
 
If you use any single-key system and send a system over the Internet… how can it be secure?
 
A communication is totally secure if a receiving party generates both keys and sends an encrypting key as public. Both the server and the other client part get only the public key and can encrypt a message, but it can only be decrypted by the party who generated the key, as a private key should not be sent anywhere. In other words, the party which uses a key to encrypt a message cannot decrypt its own message — this is the whole idea of the security based on a public key.
 
So, how to archive unencrypted messages for later search, etc.? It won't be a problem if you have only two parties, without a server (or if a server just transmits encrypted messages transparently). The parties exchange two pairs of keys (four altogether). Each sending party archives the message before sending (as it will never get a key to decrypt its own message; it can only decrypt the counterpart's message), and each receiving party decrypts the message and archives the decrypted message afterwards. Everything is symmetric. This way, each party can archive all messages passed in a one-to-one conversation and cannot read any messages from other parties; moreover, nobody in the middle who could spy on messages could decrypt any of them. Even the server.
 
Here is why we can trust such servers! Imagine that the server's behavior is totally hidden, but the client software is Open Source (this is the only way you can use a 3rd-party service and trust it no matter what it does). Analyzing this source code, one can make sure that only public keys and encrypted messages are sent. From this fact, you can be sure that your messages are not decrypted in the middle. Of course you can trust your companion on the other end, as this party could disclose your public key to someone who could impersonate your counterpart; but this is a different problem — you could solve it using a digital signature of the data, which is the opposite of encryption; please see http://en.wikipedia.org/wiki/Digital_signature.
 
—SA
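The two-party scheme described in the answer, as an added C# example that is not part of the original answer: each party generates its own RSA key pair, hands out only the public half, archives plaintext before sending and after decrypting. The `Party` and `Demo` classes and the sample message are hypothetical, a current .NET runtime is assumed, and authenticating the exchanged public keys (the digital-signature point above) is not covered.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

class Party  // hypothetical name: one chat participant
{
    private readonly RSA _own = RSA.Create(2048);   // private key never leaves this object
    private readonly RSA _peer = RSA.Create();      // holds the counterpart's public key only
    public readonly List<string> Archive = new List<string>();
    public string Name { get; }
    public Party(string name) { Name = name; }

    // Only the public half (modulus and exponent) is ever handed out.
    public RSAParameters PublicKey => _own.ExportParameters(false);
    public void LearnPeerKey(RSAParameters peerPublic) => _peer.ImportParameters(peerPublic);

    public byte[] Send(string text)
    {
        // Archive the plaintext first: the sender cannot decrypt its own ciphertext.
        Archive.Add(Name + ": " + text);
        // RSA-OAEP-SHA256 with a 2048-bit key fits at most 190 bytes; longer messages
        // need hybrid encryption (an RSA-wrapped symmetric key), not shown here.
        return _peer.Encrypt(Encoding.UTF8.GetBytes(text), RSAEncryptionPadding.OaepSHA256);
    }

    public string Receive(string from, byte[] ciphertext)
    {
        byte[] plain = _own.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA256);
        string text = Encoding.UTF8.GetString(plain);
        Archive.Add(from + ": " + text);   // archive after decrypting
        return text;
    }
}

static class Demo
{
    static void Main()
    {
        var alice = new Party("alice");
        var bob = new Party("bob");
        alice.LearnPeerKey(bob.PublicKey);   // a server may relay these; they are public
        bob.LearnPeerKey(alice.PublicKey);

        byte[] onTheWire = alice.Send("meet at 10");   // all a relay or administrator sees
        Console.WriteLine("bob reads: " + bob.Receive("alice", onTheWire));
        Console.WriteLine("alice archive: " + string.Join("; ", alice.Archive));
        Console.WriteLine("bob archive:   " + string.Join("; ", bob.Archive));
    }
}
```

Anything logged on the relaying server in this arrangement is the `onTheWire` ciphertext plus the public keys, neither of which is enough to recover the message text.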
Comments
Member 8120983 at 6-Jan-12 6:35am
   
Thanks, Explanation is very good and informative as well.
SAKryukov at 6-Jan-12 11:16am
   
You are very welcome.
Good luck, call again.
--SA

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 5 Jan 2012