Keybase Introduces Exploding Messages to Ensure Forward Secrecy of Transmitted Data

Encrypted social networking service Keybase introduced a new technology that they call exploding messages. As of today, you can put a timed fuse on any messages that you send through a Keybase chat interface. In a rather snarky yet good-natured blog post, Keybase recommended that intimate and important messages get this treatment to ensure that they’re always kept away from prying eyes.

Exploding messages work with one-on-one chats as well as those involving teams, groups and entire social communities. Recipients of an exploding message have a brief period of time before it explodes. When the timer runs out, a small bit of animation indicates that both the plaintext and the ciphertext have been disposed of, at which point the message is unusable.

All Keybase messages are end-to-end encrypted. No one would be able to read them without either compromising a device or gaining physical access to it.

However, this new technology renders messages even more secure under what Keybase calls a paradigm of forward secrecy. Since these messages are sent using temporary ephemeral keys, they can no longer be read once the key gets thrown away.

Even if someone in the future were to steal the key for your device and look through your message history by capturing ciphertexts, they still wouldn’t be able to read messages transmitted in this fashion. As long as the person on the other end doesn’t make a copy of what you wrote or take a screenshot, it remains gone for good once the timer runs out.

Linux security experts who prefer a 100 percent CLI-based workflow will be happy with the fact that they can also send exploding messages from a terminal. The keybase command line app is now fully compatible with this type of secured transmission.

Bots that deliver sensitive information can pipe JSON to the keybase chat API, which means even automated messages can explode. Those who deploy bots to automatically deliver the location of secured downloads or other mission-critical cloud data in an enterprise-level environment may wish to look into this feature.
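A sketch of how a bot might build and pipe such a request, added here as an example and not taken from Keybase or the original article. It assumes the `send` method and `exploding_lifetime` option of `keybase chat api` and a Go-style duration string such as `5m`; check both against the help output of the installed client. The channel name and message body are constructed sample values.

```python
import json
import re
import subprocess

# Go-style duration such as "30s", "5m" or "1h30m" (format is an assumption).
_DURATION = re.compile(r"^(?:\d+[smh])+$")
_UNITS = {"s": 1, "m": 60, "h": 3600}


def lifetime_seconds(lifetime: str) -> int:
    """Parse a duration string and reject anything malformed."""
    if not _DURATION.match(lifetime):
        raise ValueError(f"bad lifetime: {lifetime!r}")
    parts = re.findall(r"(\d+)([smh])", lifetime)
    return sum(int(n) * _UNITS[u] for n, u in parts)


def build_exploding_send(channel: str, body: str, lifetime: str) -> str:
    """Return the JSON request for one exploding message."""
    if lifetime_seconds(lifetime) <= 0:
        raise ValueError("lifetime must be positive")
    request = {
        "method": "send",
        "params": {"options": {
            "channel": {"name": channel},
            "message": {"body": body},
            "exploding_lifetime": lifetime,
        }},
    }
    # json.dumps escapes quotes and newlines, so message text cannot
    # break out of the JSON structure.
    return json.dumps(request)


def send(request_json: str) -> str:
    """Pipe the request on stdin rather than argv, so the message body
    never appears in the process list."""
    done = subprocess.run(["keybase", "chat", "api"], input=request_json,
                          capture_output=True, text=True, check=True)
    return done.stdout


if __name__ == "__main__":
    # Prints the request instead of sending it; call send() to deliver.
    print(build_exploding_send("alice,bob", "build 42 is ready", "5m"))
```

A bot should refuse to fall back to a normal send when the lifetime fails validation, otherwise a malformed setting silently turns a sensitive message into a permanent one.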

John Rendace
John is a GNU/Linux expert with a hobbyist's background in C/C++, Web development, storage and file system technologies. In his free time, he maintains custom and vintage PC hardware. He's been compiling his own software from source since the DOS days and still prefers using the command line all these years later.