librelist archives

E-Mail security

E-Mail security by Yuri Nahum
- Re: [remailer] E-Mail security by Tom Ritter
  - Re: [remailer] E-Mail security by Michael Rogers
    - crypto project in transitionary period by Yuri Nahum
      - Re: [remailer] crypto project in transitionary period by Tom Ritter
    - Re: [remailer] E-Mail security by Yuri Nahum
      - differential cryptanalysis by Yuri Nahum
        
        Re: [remailer] differential cryptanalysis by Tom Ritter
  - Re: [remailer] E-Mail security by Tyler Gillies

E-Mail security

From:: Yuri Nahum
Date:: 2012-01-25 @ 17:13

Hey Folks,
yesterday I tried to set up a GPG-key pair and messed around with this
stuff.

As I understand it, GPG is just simple signing and then encrypting. So
it is vulnerable to surreptitious forwarding.

I found this nice article about it:
world.std.com/~dtd/sign_encrypt/sign_encrypt7.html

Does anybody know if there is a good standard for secure e-mailing? Like
Sign&Encrypt&Sign or something like that?
And if not, why? Why is the world full of defect standards?

All the Best
Yuri

Re: [remailer] E-Mail security

From:: Tom Ritter
Date:: 2012-01-25 @ 18:37

> As I understand it, GPG is just simple signing and then encrypting. So
> it is vulnerable to surreptitious forwarding.

All encrypted email schemes are vulnerable to this.  Send me an email,
I decrypt it, and I can send the plaintext to whomever I want.

> Does anybody know if there is a good standard for secure e-mailing? Like
> Sign&Encrypt&Sign or something like that?

Inline PGP, S/MIME, and the recently announced STEED [1] are three I'm
aware of.  PGP works well between friends without webmail or mobile
mail, but most people don't use it.  S/MIME works well within a
corporation, but falls apart outside it.  (Disclaimer: I know very
little about S/MIME and haven't played with it.)

> And if not, why? Why is the world full of defect standards?

http://xkcd.com/927/

-tom

[1] http://g10code.com/steed.html

Re: [remailer] E-Mail security

From:: Michael Rogers
Date:: 2012-01-25 @ 19:08

On 25/01/12 18:37, Tom Ritter wrote:
>> As I understand it, GPG is just simple signing and then encrypting. So
>> it is vulnerable to surreptitious forwarding.
> 
> All encrypted email schemes are vulnerable to this.  Send me an email,
> I decrypt it, and I can send the plaintext to whomever I want.

The threat described in the paper is that Alice signs a message, Bob
forwards the signed message to Carol, and either Carol or some other
party is fooled into thinking that Alice sent the signed message to Carol.

Encrypted email schemes don't have to be vulnerable to such attacks. For
example, the scheme could specify that the signature must cover the
intended recipient's email address.

Cheers,
Michael

crypto project in transitionary period

From:: Yuri Nahum
Date:: 2012-06-02 @ 12:48

Hey Guys,
Does anyone of you know what's up with crypto.is?
When will the site launch again?
Are there any similar projects, where i can linger around in the meantime?

Best regards
Yuri

Re: [remailer] crypto project in transitionary period

From:: Tom Ritter
Date:: 2012-06-02 @ 20:40

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2 June 2012 08:48, Yuri Nahum <gibarian22@yahoo.de> wrote:
> Hey Guys, Does anyone of you know what's up with crypto.is? When will 
the site launch again? Are there any similar projects, where i can linger 
around in the meantime?

It is, unfortunately, up in the air.  While we had a plan to move forward,
and can go move forward with it, time constraints have gotten the best of 
the three folks who were doing most of the driving forward.  I would like 
to launch, but it seems likely any relaunch is at least 2 months out.

The #cryptodotis channel is still semi-active every now and again, and 
there are many projects whose developers overlap with the people who used 
to be active in crypto.is: tor2web, remailers/nymservs, and tor itself.

- -tom
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAk/KeiUACgkQJZJIJEzU09vxEACcCPu2cDpoP3hq1x1niYoNsyxv
gqEAoMUmEy3VcspGnJZCUnSzifCdL+Y+
=ZfYt
-----END PGP SIGNATURE-----

Re: [remailer] E-Mail security

From:: Yuri Nahum
Date:: 2012-01-25 @ 20:39

Am 25.01.2012 20:08, schrieb Michael Rogers:
> On 25/01/12 18:37, Tom Ritter wrote:
>>> As I understand it, GPG is just simple signing and then encrypting. So
>>> it is vulnerable to surreptitious forwarding.
>> All encrypted email schemes are vulnerable to this.  Send me an email,
>> I decrypt it, and I can send the plaintext to whomever I want.
> The threat described in the paper is that Alice signs a message, Bob
> forwards the signed message to Carol, and either Carol or some other
> party is fooled into thinking that Alice sent the signed message to Carol.
>
> Encrypted email schemes don't have to be vulnerable to such attacks. For
> example, the scheme could specify that the signature must cover the
> intended recipient's email address.
exactly, or just the combination sign&encrypt&sign or the other way
around encrypt&sign&encrypt.
I do not think, you want to sign the recipient's address, because then,
you cannot encrypt anymore.
The two layers signing and encrypting have to reference each other in
some way.

All the best
Yuri

differential cryptanalysis

From:: Yuri Nahum
Date:: 2012-02-16 @ 10:14

Hey Guys,
is there any good literature out there for differential cryptanalysis on
Feistel Networks.
I have understood differential attacks on SP-Networks but am unable to
generalize the principle to Feistel Networks.
Research papers are also welcome.

Thanks in advance
Yuri

Re: [remailer] differential cryptanalysis

From:: Tom Ritter
Date:: 2012-02-16 @ 14:04

I found http://theamazingking.com/crypto-diff.php and
http://theamazingking.com/crypto-feal.php to be good walkthroughs of
it, with practical examples.

-tom

Re: [remailer] E-Mail security

From:: Tyler Gillies
Date:: 2012-01-25 @ 18:46


霂


On Wednesday, January 25, 2012 at 10:37 AM, Tom Ritter wrote:

> http://xkcd.com/927/

+1