Re: crypto questions - encrypted mail standards

2000-12-20 Thread Bill Stewart

A separate discussion over on coderpunks may be helpful here.

To: Bill Stewart [EMAIL PROTECTED]
Cc: Bram Cohen [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: encrypted mail standards 
Date: Tue, 19 Dec 2000 23:34:55 -0800
From: John Gilmore [EMAIL PROTECTED]

> Bram - you can do encryption at the Mail Transfer Agent layer,
> like encrypting versions of SMTP, or in the mail header/body layer,

> I'm not sure where to find the standards for encrypting SMTP,
> but there are some; look around on sendmail.com.

See RFC 2487, "SMTP Service Extension for Secure SMTP over TLS", which
adds the "STARTTLS" command and HELO extension option to the SMTP
specification.  This permits two SMTP servers to negotiate to use TLS
(also known as SSL) encryption before sending email.

There are ways to run POP or IMAP using TLS/SSL as well, but I don't
have the standards at my fingertips for this.

> Also, John Gilmore may have funded some
> non-American developer to do an implementation.

Nope; sendmail.com did an implementation and released it once the
export rules changed.  It's in the current free sendmail release.

   John



Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Crypto questions

2000-12-19 Thread Scoville, Chad

I've been actively reading posts on this list for about two years now, and
I'm in the process of actually trying to design/implement a data network
where security is of the utmost priority. Where is a good starting point to
find out about packages using algorithms which are unbreakable as of yet.
All of the traffic will remain domestically within the US. The traffic will
be SMTP.

It would be illmatic if someone could recommend a good reading list
(current) on the bleeding edge of cryptography.

Tks. in advance.

CK$

Chad K. Scoville
Internetwork Solutions Engineer
Thrupoint, Inc. formerly Total Network Solutions
545 Fifth Avenue, 14th Floor
New York, NY
10017
v 212.542.5451
p 800.555.9172
[EMAIL PROTECTED]
www.thrupoint.net




Re: Crypto questions

2000-12-19 Thread Joseph Ashwood

Honestly, it's pretty easy to take care of everything you need. Since you're
using SMTP you obviously know how long the message is so you can use fairly
well anything. Also because it's going over SMTP you need to be aware that
you should base-64 encode everything, and the other issues. However what you
need is simply:
a random number generator
an implementation of RSA-OAEP
a good block cipher with a good chaining method (Rijndael, CBC is great)
a signature scheme

do the following
generate a 128-bit number K
D = RSA-OAEP(K)
B = data | signature(data)
S = D | RijndaelCBC(K, B)
send(base-64(S))

Toss in some markers, something along the lines of "---Begin PGP encrypted
message---" and it should work wonderfully. The reverse should be obvious,
but just to make sure
T = receive()
S = base-64Decode(T)
(D, B)= Parse(S)BasedOnMarking
K = RSA-OAEPDecrypt(D)
data = RijndaelCBCDecrypt(K, B)

You can send anything you want this way. You can also add compression to the
data before encryption, and decompress after decryption. It's not bleeding
edge, but it's dependable, it's fast, it's secure, and if you're really
paranoid about security, move to SHA-256 with RSA-OAEP, and use a 256-bit
Rijndael key. You'll also need to make sure you use properly sized RSA keys.

If you want something closer to bleeding edge, go with XTR in place of RSA,
and well Rijndael is just an all around great cipher. If you want to strive
for exotic, use XTR and Serpent. Of course if you want the tried and true
use 3DES instead of Rijndael. If you want the most buzzwords for your
condition use half-ephemeral ECC like this:
do the following
generate a random private key
generate the public key to go with it, P
Compute the shared secret, K
B = data | signature(data)
S = P | RijndaelCBC(K, B)
send(base-64(S))
Decryption is left as an exercise. If you'd like more help there are plenty
of people on the cypherpunks list (myself included) that are capable of
consulting to determine what parameters you need to use.
Joe
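
Added example, not part of Joe's post: the RSA-OAEP envelope above (D | RijndaelCBC(K, B)) and its reverse, written against Node.js's built-in crypto module. The 2048-bit RSA keys, the random CBC IV carried after D, the PKCS#1 v1.5/SHA-256 signature and the names newKeyPair, seal and open are assumptions of this example; AES-128 is Rijndael with a 128-bit block.

```javascript
const nodeCrypto = require('node:crypto');

const RSA_BYTES = 256; // 2048-bit modulus: byte length of D and of the signature (assumed)
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function newKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: RSA_BYTES * 8 });
}

// Sender side: sign with the sender's private key, encrypt to the recipient's public key.
function seal(data, senderPriv, recipientPub) {
  const K = nodeCrypto.randomBytes(16);                    // generate a 128-bit number K
  const D = nodeCrypto.publicEncrypt({ key: recipientPub, ...OAEP }, K); // D = RSA-OAEP(K)
  const sig = nodeCrypto.sign('sha256', data, senderPriv); // signature(data)
  const B = Buffer.concat([data, sig]);                    // B = data | signature(data)
  const iv = nodeCrypto.randomBytes(16);                   // CBC IV (assumed; not in the post)
  const enc = nodeCrypto.createCipheriv('aes-128-cbc', K, iv);
  const ct = Buffer.concat([enc.update(B), enc.final()]);  // RijndaelCBC(K, B)
  return Buffer.concat([D, iv, ct]).toString('base64');    // send(base-64(S))
}

// Receiver side: parse by fixed field sizes, unwrap K, decrypt, then verify the signature.
function open(text, recipientPriv, senderPub) {
  const S = Buffer.from(text, 'base64');
  if (S.length < RSA_BYTES + 32) throw new Error('message too short');
  const D = S.subarray(0, RSA_BYTES);
  const iv = S.subarray(RSA_BYTES, RSA_BYTES + 16);
  const K = nodeCrypto.privateDecrypt({ key: recipientPriv, ...OAEP }, D);
  const dec = nodeCrypto.createDecipheriv('aes-128-cbc', K, iv);
  const B = Buffer.concat([dec.update(S.subarray(RSA_BYTES + 16)), dec.final()]);
  if (B.length < RSA_BYTES) throw new Error('no signature present');
  const data = B.subarray(0, B.length - RSA_BYTES);
  const sig = B.subarray(B.length - RSA_BYTES);
  if (!nodeCrypto.verify('sha256', data, senderPub, sig)) throw new Error('bad signature');
  return data;
}
```

open() returns the data only after the signature verifies; a modified D, IV or ciphertext ends in an exception from OAEP decoding, CBC unpadding or the signature check.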
