Peer-To-Peer Encrypted E-mail
Posted by
timothy
on Fri Sep 22, 2000 10:07 PM
from the the-more-corrupt-the-state dept.
Markv writes: "CNET has an article about a peer-to-peer e-mail system called SafeMessage(TM) from AbsoluteFuture.com that could confound law enforcement. Not only is it peer-to-peer, the message is encrypted before it leaves the sender's computer, and the decoder key is destroyed. According to the article, AbsoluteFuture's SafeMessage system would potentially allow people to operate below the radar screen of the FBI's Carnivore program." So Carnivore may be good for something after all! Actually, though, how is this different (or less complicated) than, say, using PGP and an IRC client (with DCC) to effect the same sort of transfer?
Re:PGP over email isn't secure? (Score:3)
Would you be content with an ISP employee viewing this perfectly well encrypted message as it passes through their servers?
PGP Webmail (Score:3)
Anyway, since when is Carnivore busting such a big deal? I would suggest to anyone who can't use PGP directly for whatever reason to get a Lokmail account.
Re:Peer-to-Peer? (Score:3)
What they mean is, usually e-mail is sent through a client-server relationship. First, your e-mail client connects to your ISP's mail server, which then sends the mail to the receiver's ISP mail server, which the recipient then reads with his/her e-mail client.
In a server-client situation, the client always initiates the connection to the server. With a peer-to-peer relationship, either one can initiate the connection.
Using a peer-to-peer setup would make e-mail more secure since Carnivore intercepts mail on the ISPs mail server, and this eliminates that middleman.
licq (Score:3)
Power to the people (Score:3)
Hushmail had this a long time ago. (Score:4)
Bruce Schneier has even reviewed it. [counterpane.com] He has some problems with it, but there are no glaring security holes. Still, you're probably better off with GPG, storing your private key yourself.
So SafeMessage is nothing new. Of course, the more the merrier. Everyone should use encryption all the time, and competition is a good thing.
Torrey Hoffman (Azog)
I love anything that thwarts the government's power (Score:4)
I can foresee a time when encryption becomes every bit as important as free speech or the right to bear arms are to holding the government in check.
With things like the DMCA, Carnivore and other moves being made by the powers that be to undermine the power of the people, it is easy to get angry and discouraged. But then I see something like this and it reminds me that there are people out there willing to fight back. That not everyone has forgotten that the government derives its power from the consent of the governed and not the other way around.
Lee
Why this is different from PGP/GPG (Score:4)
With PGP/GPG, you publish your public key and others use your public key to encrypt messages to you. The same key is used over and over again.
With this scheme, apparently they are using a one-time encryption method: I would presume a random key is created during message sending time, and after the timeout, the message and the key is destroyed. Now suppose a 3DES key is produced for *each* message. That's going to be *very* hard for people to listen in, 'cos after cracking the key for the first message, they've gotten nowhere with the other messages.
Of course, it's debatable whether this will actually increase the strength of the encryption in practice.
And, as somebody else has said, there's nothing to stop the recipient from making copies of the decoding key and the message indefinitely. I presume the timeout is implemented in whatever client program they're selling -- but as we all know, any rules enforced by software (including timeout rules) are easily bypassed.
So I'd say, the timeout factor isn't going to make too much of a difference, though the idea of using a different key for every message *might* make the encryption system stronger.
---
My two cents (Score:4)
First off, i feel that my right to send plain-text email to my friends (such as mkhadafi@libya.com or carlos_the_jackal@internationalterrorism.co.uk) has been infringed by this "carnivore" program. Being that we have absolutely no other means of secure communications, like a phone session or even speaking face to face, my particular terrorist cell has been using email for quite some time now.
Another problem that arises with this email snooping stuff is our new-found inability to transfer bomb making instructions to one another. Obviously there is no other way to find out about how to make bombs, or even a nuclear weapon....it must be done by email.
I guess i am angry, but i must congratulate the US...with carnivore it is obvious that the FBI has successfully eliminated any possibility of my compatriots and I actively engaging in anti-US terrorism.
damn.
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
PGP over email isn't secure? (Score:4)
Carnivore doesn't brute-force PGP, does it? That would take a lot of work for the random chance of finding a keyword like "blow up the pentagon" or "al gore is an erectilely dysfunctional motherfucker".
Seriously, folks, PGP is secure enough for now. Pretty Good Privacy. And lots of people use it. Good nuff for me and maybe later I'll use something else, but it will probably just be public/private key like with longer keys.
This isn't secure e-mail (Score:5)
The stupid thing though is the implication that just because this isn't going through an intermediary server it's more secure than PGP. What a crock! It's still going through a ton of routers, any of which could be copying the contents for analysis. Indeed, from what I know, Carnivore doesn't so much scan the mail store as scan mail traffic. Heck, there are going to be roughly 10 copies of the message made before it gets read!
This is just useless.. (Score:5)
First of all, peer-to-peer over the Internet isn't really peer-to-peer at all. It's very vulnerable to man-in-the-middle exploits, since by definition any packets going out over the Internet aren't headed straight for the recipient, they have to travel over an untrusted network first. At any point along this network, a third party could insinuate himself between you and the recipient--particularly if that third party is a law enforcement or intelligence agency, since companies which own the Internet infrastructure are legally required to help such organizations. Since the data is encrypted, this may or may not be a threat depending on the strength of the implementation and upon the ability of the sender and recipient not to be socially engineered into giving out compromising information. If the third party can trick you into thinking that he's your intended recipient, you're absolutely screwed. In the case of PKI, for instance, if the man-in-the-middle can get your trust and say something like, "Sorry, John, I had a hard disk crash last week, and the old floppy I had my backup keyring on is corrupted. I needed to make a new key pair, you'll have to use that to send messages from now on," then either you'll be communicating with the third party in readable fashion from now on, or you'll have to stop communicating anything confidential at all. Since a passphrase has to be suitably complex to be useful, the same attack is useful against shared-key crypto. I don't see how this new system could overcome this flaw at all.
Secondly, the biggest security flaw in communicating via the Net is usually whether you should trust the person at the other end or not. Many of the people we correspond or transact with over the Net are people we've never met IRL, and therein lies the problem. We have no way of knowing if the person we just started communicating with is really a fellow subversive who'll come and help with the demonstrations against the IMF we're planning, or whether he's LEA. Peer-to-peer messaging is therefore useless in real-life applications.
In fact, peer-to-peer messaging is perhaps actively dangerous. It provides a direct record that a given IP address communicated with this other given IP address at a particular time. Therefore, if your recipient is really an enemy, he now has a record of your IP communicating with him. Even though the message under this system is supposedly encrypted all the time and destroyed after a set period, this means nothing: your recipient's eyes have to see it at some point, so he can just as easily do a screen grab or if that's not possible take photographs of the text. Yes, IPs can be spoofed of course, but it's harder to do in peer-to-peer communications, and you'll still probably leave a trail of logs.
Contrast this with anonymizing forms of communication. Properly anonymized through use of remailers or remailers in combination with m2n gateways, or through services such as ZKS Freedom (if it can be trusted--who knows?), it doesn't matter if there's a man-in-the-middle, nor does it matter if your recipient is trusted or untrusted. If you leave no trail, you're safe, untraceable therefore untouchable. Peer-to-peer is the opposite of this, and very useless in the real world. PGP your message and send it via Freedom or a remailer chain, and you're golden. Of course, the best way to assure your protection is to run a public remailer yourself--that way you can be sure that at least one remailer in your chain will forward no previous headers and keep no logs. Then, you have absolute deniability even if traffic analysis hints at your involvement with the message in question--aside from which, remailers often pad messages, send out bogus messages, and use delays between receipt and sending of messages to thwart traffic analysis.
The ultimate way to communicate privately is to use the above suggestions and also divorce recipient e-mail messages from the game entirely once communications have been established. Use a m2n gateway at the end of your remailer chain, to post the PGP'd message to USENET. Either use alt.anonymous.messages with a predetermined heading, or use an empty or spam group. By using a nym with the reply block pointed to a given news group, you can allow people to communicate with you just as if they were e-mailing a real e-mail address, which eases first contacts with people not used to security.
In other words, peer-to-peer isn't a step forward, it's a step back. It's inherently insecure. The only secure communication is insulated communication, with several layers between sender and recipient. Personally, I'd love to see a company or group of hackers put together easy-to-use software to allow for this sort of anonymous communication, rather than the false security of direct peer-to-peer. Imagine if everyone with a cable or DSL connection (it takes some bandwidth and uptime to be a remailer) who wanted secure communications could just download a simple piece of software which sends anonymous messages for them and also acts as a remailer itself. Imagine a Gnutella-like network for remailing anonymous PGP'd messages and possibly posting them through news gateways to a group like alt.PGPtella.messages. If you made it easy to use, we could have truly private and secure communications in the hands of the people, and Carnivore and other spyware would be useless. For my ideas on how to make a network such as this work, read my musings about what Gnutella should have done and how to replace Napster here. [slashdot.org] The concept in that post which I think is applicable here is the idea about "regional servers," only in a remailer-type system instead of a file sharing system the "regional servers" would be mostly for finding IPs of connected machines to route through and for establishing initial connections to the network, although you could make this user-definable in case you know a trusted party on the network.
All messages in such a system would be PGP'd from each hop to the next, with "regional servers" promoted by the software itself based on uptime and other factors, and unlike with the current remailer system you needn't manually choose each hop along the route--the software could be let to do that, and if the next hop along the route that has been chosen has gone offline, the remailer stuck with the message would forward it to a random hop which is online. Currently, the remailer system is sometimes unreliable, but a new system like this could solve reliability issues. And, as I said, since every user of the system would be a remailer as well as a potential sender, there's absolute deniability: "Sorry, Secret Service guy, you may have traced the message back this far but I'm afraid my machine doesn't keep logs after a day. No, the logs aren't recoverable because they're securely overwritten after the specified period, with no possibility for recovery. I didn't send it and I don't know who did; feel free to look at the computer running the software." All your personal info can be encrypted with something like Scramdisk or the Encrypted File System, just in case the men-in-black do decide to take a look at your box(es).
Anyway, I think I've adequately described my distaste for direct peer-to-peer communications like this product.
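The remailer chain the post above describes (the message wrapped once per hop, so each remailer can read only its own layer and learns only the next hop, never the origin or the body), as an added illustration that is not code from the post or from any real remailer software: a toy keyed-hash cipher and constructed pre-shared per-hop keys stand in for PGP, and the hop names, key values and message body are constructed.

```python
import base64, hashlib, hmac, json, os

# Constructed pre-shared keys, one per remailer, standing in for each hop's PGP key (assumption).
HOP_KEYS = {"remailer-a": b"key-a", "remailer-b": b"key-b", "remailer-c": b"key-c"}

def _keystream(key, nonce, n):
    """Toy SHA-256 counter keystream standing in for a real cipher (demo only, not for production)."""
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC one layer: nonce || ciphertext || HMAC tag, so a hop rejects tampering."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag under this hop's key, then strip one layer; wrong key or tampering fails."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: not this hop's layer, or modified in transit")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def build_onion(route, final_dest, body):
    """Wrap the (already PGP-encrypted) body once per hop, last hop first, so each remailer
    can decrypt only its own layer and learn only the next hop, never the origin or the body."""
    packet = json.dumps({"next": final_dest, "payload": body}).encode()
    blob = seal(HOP_KEYS[route[-1]], packet)
    for i in range(len(route) - 2, -1, -1):
        packet = json.dumps({"next": route[i + 1],
                             "payload": base64.b64encode(blob).decode()}).encode()
        blob = seal(HOP_KEYS[route[i]], packet)
    return blob

def peel(hop, blob):
    """What one remailer sees: the next hop's name and an opaque blob meant for that hop."""
    layer = json.loads(unseal(HOP_KEYS[hop], blob))
    return layer["next"], layer["payload"]

def run_chain(route, blob):
    """Forward hop by hop; returns each hop's (self, next) view, the final destination and body."""
    seen = []
    for hop in route:
        nxt, payload = peel(hop, blob)
        seen.append((hop, nxt))
        if hop == route[-1]:
            return seen, nxt, payload
        blob = base64.b64decode(payload)
```

Each hop's view in `seen` is exactly one (self, next) pair, which is the property that gives the operator in the middle the deniability the post describes.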
Re:This is just useless.. (Score:5)
In deciding what remailers to use, people go on two things--reputation of the operator, and reliability statistics. Operate a reliable service and post in the right places, maybe join the remops mailing list, and you'll have absolutely no problem getting people to use your service and hence have complete deniability.
But in any event I suggested something even more important later in my post--that if someone would write an easy-to-use application for sending and relaying anonymous, encrypted e-mail, something simple enough for everyone to use, along the principles I outlined, then the public would beat a path to your door. Imagine if running a remailer and sending anonymous email through it were as simple as installing a Napster or Gnutella client--with thousands of nodes sending encrypted communications to each other, through randomized paths chosen by algorithms in the software, traffic analysis of any kind would be useless and anonymity would be guaranteed.
The problem is, no one has even tried such a thing. If half the effort put into Gnutella and Freenet were put into such a project, it would happen and quite quickly. It'd be one of the top downloads on Download.com and Tucows. But, among the several reasons this hasn't happened are the fear of having widespread easy-enough-for-anyone anonymous email, since it could be used by criminals and even worse abused by spammers. There's a reason that remailers are notoriously difficult to use: the people who code the software to run them and interface with them are the same kinds of people who are remops themselves, and they fear being used for spam or kiddy porn since that could get them visits from the fuzz. What they fail to realize is that a properly redesigned system of remailers with a clean and easy software interface which requires all clients to be servers as well, all traffic to be encrypted from node to node with a different key and padded to a different size, and other basic precautions, would get so many users as to make any visits from the men in suits useless. The same sorts of people who install Napster to get music and Gnutella for file sharing would install this program for private e-mail. There would be too many nodes and too much traffic to trace anything, and if they did trace parts of a path back to a particular node they'd contact the user and in all likelihood get some guy who has no idea what they're talking about because he's just an average user who wanted to send private mail. If all the data is never stored unencrypted, then the men in suits wouldn't even have any excuse to examine that Joe User's computer. It all comes down to designing the system well, and if it's designed well, it would become ubiquitous and impossible to stop or trace.
The only bad side effect of this would be increased possibilities for spamming, but since almost all spam is commercially motivated the senders are known. It would perhaps even be a good thing if a system like this were implemented and spamming skyrocketed, because it would spur on anti-spamming legislation which, without a big crisis, simply isn't going to happen thanks to Congress' own "commercial interests." The ultimate effect of such legislation, which as I said will probably only happen if spamming does skyrocket, would be to make spamming far smaller than it is now since the risks of severe criminal and civil penalties would outweigh the potential benefits.
But, I digress...