Wickr was one of the most interesting companies I was introduced to at this year’s RSA Conference in San Francisco. The company was one of the finalists of the Innovation Sandbox, a program that encourages out of the box ideas and the exploration of new technologies that have the potential to transform the information security industry. Wickr is a free app designed to provide private communication over a range of devices running Android and iOS.
From a technical point of view, Wickr uses AES256 for encryption and ECDH521 for the key exchange. SHA256 is used for hashing and Transport Layer Security (TLS). All the encryption keys are used only once, and the Wickr servers don’t store any decryption keys. Besides the tough crypto, the key functionality of the service is the usage of a self-destruction mechanism for messages. Sounds quite good, especially with the recent snooping controversies.
iPhone users can download the application from the App Store. Upon installation, there is a simple process of setting up an account. The application will ask you for the permission to access your contacts, which you can deny and add the contacts manually.