Secure mail and messages for yourself and others
In the wake of the recent scandals with the NSA, it came to the realization that, ultimately, no one can be trusted - sooner or later it may turn out that your data on server X turned out to be tapped by some organization, although in words it was said about full encryption of all user data .
')
We thought about how to protect ourselves in such a situation, if we want to send a message that is really sensitive to wiretapping (this is not about chats). You can only trust yourself (provided that there are no bookmarks on your computer itself). The user-provider-server channel may also be compromised. Moreover, even an SSL connection cannot be completely trusted, given that
The only option is to encrypt the message on the client side (right in the browser) and then transfer it (already in encrypted form) to the server side. In our implementation ( Wolfram Mail is not an advertisement, please do not do habraeffect if you are not interested in it, because while we are on paid hosting) the open message is destructed by RC4 encryption (yes, it is not so reliable anymore, but it is suitable for its purpose). ideally). Thus, the new pseudo-open message does not have any structure and the criminal organization will not be able to directly attack the ciphertext on the principle of open / closed text pairs.
Next comes the basic encryption - the BlowFish algorithm. It is still reliable and developed by B. Schneier, and not the NSA or the FSB. Get the ciphertext. Now it can be safely transmitted through open and listening channels. On our website it is stored only until the recipient reads it, then it is deleted from the server.
Thus, neither our server nor the channels of information transfer have access to:
The recipient of the letter receives a notification on his e-mail with a link to the page to read the message. All you need is an encryption password. Decryption also occurs on the client side. Yes, the password is also not sent outside the user's computer - password authentication occurs through circumstantial evidence - crc32 (in the future we will replace it with GOST 34.11-2012).
Now the service works in test mode (in the sense that bugs are checked, functions are added and trivialities are refined), but it is already fully suitable for encryption. At least, we already use it, and we did it for ourselves.
If the project gets some funding, then plans to buy a separate server, so as not to depend on hosting restrictions.
')
We thought about how to protect ourselves in such a situation, if we want to send a message that is really sensitive to wiretapping (this is not about chats). You can only trust yourself (provided that there are no bookmarks on your computer itself). The user-provider-server channel may also be compromised. Moreover, even an SSL connection cannot be completely trusted, given that
- you are not the owner
- keys from the certificate could be handed over to special services
The only option is to encrypt the message on the client side (right in the browser) and then transfer it (already in encrypted form) to the server side. In our implementation ( Wolfram Mail is not an advertisement, please do not do habraeffect if you are not interested in it, because while we are on paid hosting) the open message is destructed by RC4 encryption (yes, it is not so reliable anymore, but it is suitable for its purpose). ideally). Thus, the new pseudo-open message does not have any structure and the criminal organization will not be able to directly attack the ciphertext on the principle of open / closed text pairs.
Next comes the basic encryption - the BlowFish algorithm. It is still reliable and developed by B. Schneier, and not the NSA or the FSB. Get the ciphertext. Now it can be safely transmitted through open and listening channels. On our website it is stored only until the recipient reads it, then it is deleted from the server.
Thus, neither our server nor the channels of information transfer have access to:
- plain text
- key information (passwords)
The recipient of the letter receives a notification on his e-mail with a link to the page to read the message. All you need is an encryption password. Decryption also occurs on the client side. Yes, the password is also not sent outside the user's computer - password authentication occurs through circumstantial evidence - crc32 (in the future we will replace it with GOST 34.11-2012).
Now the service works in test mode (in the sense that bugs are checked, functions are added and trivialities are refined), but it is already fully suitable for encryption. At least, we already use it, and we did it for ourselves.
If the project gets some funding, then plans to buy a separate server, so as not to depend on hosting restrictions.
Source: https://habr.com/ru/post/201526/
All Articles