When comparing Online encryption tools vs Element (formerly Riot), the Slant community recommends Element (formerly Riot) for most people. In the question“What are the best ways to send secure, encrypted messages?” Element (formerly Riot) is ranked 2nd while Online encryption tools is ranked 8th. The most important reason people chose Element (formerly Riot) is:
You're not confined within Element's or even Matrix garden, and you don't have to make users of other networks switch to Matrix.
Specs
Ranked in these QuestionsQuestion Ranking
Pros
Pro Bridges to other networks
You're not confined within Element's or even Matrix garden, and you don't have to make users of other networks switch to Matrix.
Pro Markdown support
Code snippets in chats can be highlighted with Markdown.
Pro Simple interface
Element has a very simple interface, adding the ability for more inexperienced users to use it.
Pro VOIP and Videoconferencing
Pro Supports encryption
Element allows for fully encrypted text, voice, and video chatting.
Pro Widgets support
Want to watch that flick at YouTube and discuss it at the same time? Have Grafana graphs stacked above your DevOps team chat? Collaboratively edit Google Docs and chat over without switching applications? This is possible with Element.
Pro Decentralized
An open network for secure, decentralized communication.
Pro Self-hosting and federated network
Pro Libre/open source
Pro Search
Search messages in your current room, or all the rooms you're in. Not subject to a message history limit like Slack.
Pro Cross platform
Web browser
Linux
OS X
Windows
Android
iOS
Pro Large existing community
With public rooms for many people, and you can create your own and let people from the community join.
Pro Etherpad real-time document collaboration
An easy to activate integration that allows multiple authors to edit a document simultaneously.
Pro File Sharing
Pro Supports text, voice, video
Cons
Con Shared passwords have many flaws compared to other approaches to encrypted messaging
Passwords invite crackability, since the user might not opt to generate them randomly. Password compromise means the compromise of every message encrypted with the same password, past and future. Symmetric encryption means you need a different password for each group. If there are more than two people passing shared messages together, the encryption scheme doesn’t add proof of a message’s origin, unlike other options.
Con Not open-source
(applies only to infoencrypt.com)
The JavaScript is minified and no original source is provided.
Con Weak use of encryption primitives
- Both services currently listed derive keys from passwords with 1,000 iterations of PBKDF2. The NIST-recommended minimum is 10,000.
- infoencrypt.com uses a fixed, public secret key for its HMAC, meaning the message can be tampered with undetectably without knowing the password:
Secret key is simply
infoencrypt.com,AES,128b
in binary representation ([0x69, 0x6e, 0x66, 0x6f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x41, 0x45, 0x53, 0x2c, 0x31, 0x32, 0x38, 0x62])
Con In-browser encryption is hard to audit
With local open-source tools, you can read the source before running; with reproducible builds, you can also confirm that any precompiled packages are genuine. In a browser, it’s much harder to make sure that the source you’re looking at is what’s actually running, and that nothing else from the same origin is interfering with it. And your recipient has to do the same!