At 11:32 AM 8/13/00 -0700, Anonymous wrote:
>I propose new C-JPEG format, which consists of regular JPEG which is
>encrypted with a public RSA key (as of Sep 24), N times with the
>same key, and the private part of the key is prepended to the file in
>plain, unprotected with the passphrase.
>
>N is chosen so that machine 10 times faster than the fastest on the
>market (so today it would be a 10 GHz something) takes at least 1
>second to decrypt the data (remeber, it's not PGP - the whole image is
>encrypted with RSA).
...
>An Eudora plugin could do all of this automagically.
I agree that in the case of a distribution model of a Eudora Plugin, it is
then available to the masses, which is a good thing. However, the slow
decrypt aspect would serve to deter widespread use.
I have a counter-proposal: Easy to use station to station automatic SSH.
When an app wants to make a connection to another network node, the
security tool determines if that node has the same security software
installed, and if it does the connection occurs over an encrypted tunnel
(VPN) using ephemeral keys secured by an easy to use "web of trust" key
signing policy and a distributed publish-subscribe/store-and-foreward
network on the same nodes for CRL distribution.
Now data transferred through IM/ICQ apps or FTP, ect. are secure, not to
mention HTTP, telnet, CVS, NNTP, SMTP, ect.
I'll have this software finished in a few weeks, all open source at my site.
STS crypto is done (SSL variant), I'm finishing the key/cert management now
(XML mapping of X.509), next week I write the SSH client, the following
week I write the auto-detect and some GUI setup code. The crypto portion
is already being reviewed. Its well written Java, so its portable
(Win32/Linux/Mac), and native code options like Cryptix can speed things
up more.
This is all part of the code I'm releasing from my distributed VR project.
<http://www.vscape.com>. The STS crypto code is at
<http://www.vscape.com/developer/libs/sps/>, the certificate page is in
progress at <http://www.vscape.com/developer/libs/cert/>, they'll be more
there soon, this is the first I've announced the adaptive SSH tool.
