• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

General Security .....>

Bitmessage is great for a community such as this, but cannot communicate with those not in the peer system. It has the advantage of hiding all the headers as well as the message. All messages are sent encrypted to everyone on the network, but only those with the appropriate keys are able to (automagically) decrypt the messages sent to them. The disadvantage is that messages only last for two days before evaporating. Your client holds the messages until you delete them.

A new service that looks very appealing is Tutanota.de. Much better than hushmail as it provides end to end encryption and they cannot decrypt anything on their server. At least that is their claim. They just went open source, so it should be confirmed soon.

While cryptocoins are not illegal at this point, the law has a strange habit of becoming more restrictive with time. It is important imho to develop systems and methods BEFORE they are outlawed. They can't confiscate what they can't find or have no reason to believe you have. The time to study these things is now, before such things are all explicitly identified as criminal by the powers that be.

Aso, while I am hardly an expert, my understanding is that tor to vpn to target is secure, while vpn to tor to target is not. Think about it, an attacker can see you enter the tor network, but can't see what or with whom you are communicating, but a vpn can log your ip and the time you entered tor. A sufficiently powerful attacker can see what comes out of the tor network, but not where it came from, unless it can coordinate the timing and size of the exiting material with its entrance at a particular vpn. In any event you should always do your own due diligence.
 
Tutanota stores the private keys on their servers, according to the FAQ... *rollseyes*

Bad encryption is always worse than no encryption.
 
vertoe,
You are correct about Tutanota keeping the private keys on their server, but I think you might be drawing the wrong conclussion. I too was taken aback by this and wondered why all the hype by privacy buffs who should know better. It seems the answer is in this statement from their FAQ:

"The private key is saved encrypted in our highly secure data center in Germany. The password that you use upon registration for authentication also secures your private key. An automatic password check on the client makes sure that you use an adequately strong password.

To protect your password Tutanota uses the hashing algorithm bcrypt and additionally SHA256. Bcrypt remains to be the safest method and was confirmed and highlighted during the extensive penetration test by the SySS GmbH.

The private key of the user and the hashed password for authentication are cryptographically separate from each other so that nobody can deduct the key from any password data. The key is encrypted so strong that only the user can use the key for encrypting and decrypting data."

While I don't pretend to be a security expert, I try to keep up with the tec and to listen to those who are. At this point THEY seem pretty happy with Tutanota. But as always... do your own due diligence!

BTW-it looks like you might be involved with the darkcoin package on AUR. Will I be able to use that to get RC5? What is the best channel for discussing this? Is there a thread. Sorry for the nubie and maybe out of place questions.
 
The private key is saved encrypted in our highly secure data center in Germany. The password that you use upon registration for authentication also secures your private key. An automatic password check on the client makes sure that you use an adequately strong password.

To protect your password Tutanota uses the hashing algorithm bcrypt and additionally SHA256. Bcrypt remains to be the safest method and was confirmed and highlighted during the extensive penetration test by the SySS GmbH.

The private key of the user and the hashed password for authentication are cryptographically separate from each other so that nobody can deduct the key from any password data. The key is encrypted so strong that only the user can use the key for encrypting and decrypting data."

Based on that text alone, I would also not use them. No mention of salting. Physical security and electronic security need to be in step, else each is without value. The password you use is then used to secure your key, is ridiculous, and then the password is only checked by the client. The first rule of Security Engineering is 'never trust the client'.

Just a few points :)
 
Thanks yibble. :) You probably know more than I do in this area. (It wouldn't take much.) My understanding is that using gpg for any content would keep it safe from Tutanota. That would mean that at best they would have the headers, and be no worse than any other service (except Bitmessage that I know of). Their crypt between their servers and sender and recipient sound reasonable, and the elimination of headers in transit seem to me to make them worthy of consideration--especially at no cost. That and the German legal protections seem better than many other venues.

Am I missing something here? Any counsel is appreciated.
 
Thanks yibble. :) You probably know more than I do in this area. (It wouldn't take much.) My understanding is that using gpg for any content would keep it safe from Tutanota. That would mean that at best they would have the headers, and be no worse than any other service (except Bitmessage that I know of). Their crypt between their servers and sender and recipient sound reasonable, and the elimination of headers in transit seem to me to make them worthy of consideration--especially at no cost. That and the German legal protections seem better than many other venues.

Am I missing something here? Any counsel is appreciated.

I've not read up on this solution much, but from what little I've read in your posts makes this look like a solution looking for a problem to solve. I would never intentionally let a private key pass outside of my direct control. Once you do, all bets are off. You're then trusting someone else who has the keys to your kingdom.
 
Last edited by a moderator:
Understood, and agreed. What seems to be often overlooked (IMHO) is that there are at least two problems involved in secure communication. Gpg deals with the message itself, but does nothing for the network of associates you are working with. The various alphabet soup agencies are far more interested in the latter. I am in the somewhat strange position of being more concerned about revealing who I com with, than what the actual com is. Hence my concern with headers. I am not involved in anything (that to my knowledge) is illegal at this point in most, if not all, Western democracies. Sadly, the same cannot be said for many of my friends in other areas of the world.

Strix
 
Anonymity is incredibly difficult to achieve, even more so with encryption as encryption typically provides confidentiality, integrity, and authenticity. With most common technologies the best you can hope for is psuedonymity. I'm aware of academic research in to Anonymous Broadcast Encryption, but I've not personally used any practical implementations to really comment on them.

The law has a habit of changing, what isn't illegal today may well be illegal tomorrow, even more dangerous is when the surveillance of one government falls in to the hands of an idealogically opposite replacement regime. Encrypt it all... Unless you're in the UK. For those of us in the UK, excessive encryption creates its own risk too.
 
Back
Top