I think my only complaint (that doesn't seem to be mentioned, though I could 
have missed it) is that the email address is generated with your key. This 
means that you have to create a whole new email account every 6 - 12 months for 
optimal security. I would suggest that you should allow people to alias their 
username to their email address, but also realize that doing so would kill one 
of your security advantages. 


On 2013-08-27, at 3:05 AM, DC wrote:

> Hi all,
> 
> Just arrived in Seoul! I'm travelling this week, sorry for the delayed 
> replies.
> 
> Thanks for all the feedback. I'll try to answer all in one email:
> 
> 
> > From: h0ost <h...@mailoo.org>
> > Hi DC,
> > Thanks for sharing this project.
> > I'd like to install it on a server and play with it, but can't find an
> install doc.
> > https://github.com/dcposch/scramble/blob/master/doc/how.md references a
> Quick Start, but I can't seem to find it.
> > I'm sure I'm overlooking something, but thought I'd check first.
> > Thanks.
> > Host
> 
> I hadn't published the Quick Start yet. My mistake.
> I'll try to correct that today, and I'll send out the URL.
> 
> 
> > From: The Doctor <dr...@virtadpt.net>
> > To: liberationtech@lists.stanford.edu
> > [...]
> > scramble.io does not play nicely with the Tor Browser Bundle:
> > [...]
> > Problematic.
> 
> You're right. Unfortunately, this is tricky to fix!
> 
> It's critical to security that the PGP key pair be generated on the client, 
> and the server never sees the (plain) private key.
> To generate a key pair on the client, you need a secure random number 
> generator. 
> This is a new JS API that doesn't exist in older browsers, including the Tor 
> Browser Bundle's version of Firefox :(
> 
> So Scramble over Tor won't be solved until one of two things happens:
> * The Tor Browser Bundle upgrades to a more recent Firefox
> * Someone makes an easy-to-use Chromium+Tor bundle
> 
> 
> > From: Griffin Boyce <griffinbo...@gmail.com>
> [...]
> > It should give an option to continue anyway, tbh.
> 
> See above---can't generate the key pair.
> Maybe I'll simply remove the Generate Account button on older browsers.
> When the secure RNG API is missing, you *could* log into an existing account, 
> but can't create a new one.
> 
> That feels a bit dirty, though.
> 
> 
> > From: Nicolai <nicolai-liberationt...@chocolatine.org>
> > Cool idea.  This is also similar to CurveCP and DNSCurve.  [...]
> > But I think you meant to say the Base32 encoding of one's public key,
> > not the hash, right?
> > Nicolai
> 
> Same format as Onion URLs: Base32 encoding of the first 80 bits of 
> SHA1(PubKey)
> 
> 
> > From: Tom Ritter <t...@ritter.vg>
> [...]
> > I feel compelled to point out the precedence here.  This is a problem
> known as Zooko's Triangle
> > https://en.wikipedia.org/wiki/Zooko's_triangle 
> 
> Yes! Out of security, decentralization, and short names, you can only pick 
> two.
> 
> So HTTPS gives you security and short names (eg "paypal.com"), at the cost of 
> placing trust in a centralized system (the CAs).
> Scramble, SSH fingerprints, Onion URLs, and others make the opposite 
> tradeoff: security+decentralization, but now your identifiers are hashes.
> 
> I think the consistent lesson of Prism, Lavabit, Freedom Hosting, etc is that 
> anything centralized is inherently vulnerable. Hence the choice.
> 
> 
> > From: Ali-Reza Anghaie <a...@packetknife.com>
> > To: liberationtech <liberationtech@lists.stanford.edu>
> [...]
> > I'm conceptually really curious about various aspects but before I
> > forget - this time - I'd like to ask two broader questions first:
> > - Is this in any way an officially "backed" project in any way? Part
> of a thesis or what-not lets say?
> 
> Nope. So far, this is just my weekend project over the past four or five 
> weekends :)
> Several friends have helped me refine the ideas. So far I've written all the 
> code.
> Hopefully that will change soon!
> 
> https://github.com/dcposch/scramble
> 
> 
> > From: Michael Rogers <mich...@briarproject.org>
> > Hi DC,
> > Thanks for the reply. Responses to your responses inline. ;-)
> [...]
> > 80 bits may not be enough to defend against a well-funded adversary
> > these days - that's one aspect of the Tor hidden services design that
> > "needs some love".
> > https://blog.torproject.org/blog/hidden-services-need-some-love
> 
> Interesting! I'll read about it more carefully.
> (Note that in the entire history of Bitcoin, the smallest hash a miner has 
> found starts with less than 80 zero bits.
> So impersonating an Onion URL or Scramble address would take roughly more 
> than the *total* computation done by all Bitcoin miners to date.
> I think this is quite good.)
> 
> > [...]
> > What block cipher mode of operation do you use? If the mode of
> > operation requires padding, what padding scheme do you use? Do you
> > authenticate the ciphertext? If so, what MAC function do you use, and
> > how do you derive the MAC key?
> 
> OpenPGP.js defaults. I'll give you a better answer soon.
> 
> (Re: authenticating the ciphertext: not yet, but I should. 
>  Messages and bodies are currently PGP RSA-encrypted messages, but not signed.
>  When I fix that, sending mail will both encrypt and sign by default.)
> 
> I just made a Github Issue for it so that we can have a permanent place for 
> important details like that, better than the mailing list.
> https://github.com/dcposch/scramble/issues/13
> 
> Thanks again! I'm an engineer, not a cryptographer. 
> Pointing out what I overlooked is very helpful for me.
> 
> 
> ... and finally, one message from a related thread:
> 
> > From: StealthMonger <stealthmon...@nym.mixmin.net>
> > To: liberationtech <liberationtech@lists.stanford.edu>
> > Subject: Re: [liberationtech] Why_can't_email_be_secure
> [...]
> > All the problems cited in this Silent Circle blog and elsewhere were
> > solved 20 years ago by tools such as anonymizing remailers and message
> > pools.  Those tools are still in use today and can be used by anyone
> > wanting confidential, authenticated, stealthy email.
> [...]
> 
> I agree that Silent Circle's claim that email "can't" be secure is 
> overstated. Otherwise I wouldn't be trying :)
> 
> Phil Zimmermann makes a lot of good points, though. 
> 
> Having easy-to-use, asynchronous messaging (ie, email) while at the same time 
> hiding metadata from the NSA is hard!
> 
> For now, I'm content to encrypt Subject and Body, and make From and To 
> anonymous if people choose to be anonymous.
> (In other words: the mapping between real name and hash address is known to 
> your correspondents, but not in public.)
> 
> 
> 
> Thanks again to h0ost, Griffin Boyce, Nicolai, Michael Rogers, and all the 
> people who are helping me work out the kinks and move the Scramble project 
> forward!
> 
> Here's the repo again: https://github.com/dcposch/scramble
> Any bug reports, large and small, are much appreciated. 
> Feel free to file them under Issues
> 
> Best
> DC
> 
> -- 
> Liberationtech is a public list whose archives are searchable on Google. 
> Violations of list guidelines will get you moderated: 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
> change to digest, or change password by emailing moderator at 
> compa...@stanford.edu.
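As an added illustration (not Scramble's own code, and not from anyone on the thread), here is the address construction DC describes above in Python: Base32 of the first 80 bits of SHA1(PubKey), the same shape as an onion URL, plus the check a correspondent would run to confirm that a presented key really matches a known address. The thread does not say which serialization of the public key is hashed, so the example assumes the caller passes the exact canonical key bytes; the sample key below is constructed for the demo.

```python
import base64
import hashlib

ADDRESS_BITS = 80                   # truncation length stated in the thread
ADDRESS_BYTES = ADDRESS_BITS // 8   # 10 bytes -> 16 Base32 characters (80 / 5)


def scramble_address(pubkey_bytes: bytes) -> str:
    """Hash address for a public key: Base32(first 80 bits of SHA1(PubKey)).

    Assumption (not stated in the thread): pubkey_bytes is already the
    canonical serialization Scramble hashes. If two encodings of the same
    key were accepted, the same key would map to two different addresses.
    """
    digest = hashlib.sha1(pubkey_bytes).digest()
    # 10 bytes is a multiple of 5, so Base32 yields exactly 16 chars, no '='.
    return base64.b32encode(digest[:ADDRESS_BYTES]).decode("ascii").lower()


def verify_address(address: str, pubkey_bytes: bytes) -> bool:
    """Confirm that a key presented by a correspondent matches the address
    you already know for them. This is the self-certifying check that lets
    the scheme drop the CA: the address commits to the key, so a substituted
    key fails here. Addresses are compared case-insensitively since Base32
    is often retyped in upper case.

    Note from the thread: the 80-bit truncation is what Michael Rogers
    flags as possibly too short against a well-funded adversary; widening
    ADDRESS_BITS costs one extra address character per 5 bits.
    """
    if len(address) != ADDRESS_BYTES * 8 // 5:
        return False
    return scramble_address(pubkey_bytes) == address.lower()


# Constructed sample key bytes for the demo; not a real Scramble key.
SAMPLE_KEY = b"-----CONSTRUCTED DEMO PUBLIC KEY BYTES-----"

if __name__ == "__main__":
    addr = scramble_address(SAMPLE_KEY)
    print(addr, verify_address(addr, SAMPLE_KEY))
```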
