Slashdot Mirror


Yahoo Offering Encrypted Email

James Salsman writes "Now that Yahoo delivers encrypted email, I would sure like to know what the Slashdot fray thinks of that, especially in light of Carnivore's vulnerability to some forms of encryption (but not this one?)." michael adds: You might also want to check out Cyber-Rights.net, which is a UK civil liberties group offering encrypted email through a deal with Hushmail.

32 of 164 comments

  1. Repeat after me by Anonymous Coward · · Score: 3
    Carnivore doesn't care what's in your message, Carnivore cares about where your message gets sent.

    Carnivore is a traffic analysis program, designed to figure out who is talking to whom, be that http, smtp, etc.

    The Feds want to know who is talking to _INSERT SUSPECT HERE_, and to whom _INSERT SUSPECT HERE_ is talking. Encrypting doesn't thwart that analysis.
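
The point made in comment 1, as an added example that is not part of the original thread: a message with a PGP-encrypted body still carries its routing headers in the clear, so anyone who sees the message in transit learns who is talking to whom. The sample messages, the addresses and the helper names `audit_exposure` and `contact_pairs` are constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

# Headers that travel in the clear; inline PGP encrypts only the body.
ROUTING_HEADERS = ("From", "To", "Cc", "Date", "Subject", "Message-ID")
PGP_ARMOR = "-----BEGIN PGP MESSAGE-----"

# Constructed sample traffic. Addresses and armored bodies are placeholders,
# not real ciphertext.
SAMPLE_MESSAGES = [
    "From: Alice <alice@example.org>\n"
    "To: bob@example.net\n"
    "Date: Mon, 04 Dec 2000 10:00:00 +0000\n"
    "Subject: lunch\n"
    "\n"
    "-----BEGIN PGP MESSAGE-----\n\nPLACEHOLDER\n-----END PGP MESSAGE-----\n",
    "From: alice@example.org\n"
    "To: Bob <bob@example.net>\n"
    "Cc: carol@example.com\n"
    "Date: Mon, 04 Dec 2000 11:30:00 +0000\n"
    "Subject: re: lunch\n"
    "\n"
    "-----BEGIN PGP MESSAGE-----\n\nPLACEHOLDER\n-----END PGP MESSAGE-----\n",
    "From: dave@example.com\n"
    "To: bob@example.net\n"
    "Subject: hello\n"
    "\n"
    "This one is plain text.\n",
]


def audit_exposure(raw):
    """Report what an observer of one message can read without any key."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    exposed = {h: msg[h] for h in ROUTING_HEADERS if msg[h] is not None}
    return {
        "body_protected": isinstance(body, str) and PGP_ARMOR in body,
        "exposed_headers": exposed,
    }


def contact_pairs(raw_messages):
    """Count (sender, recipient) pairs using headers only; bodies are never read."""
    pairs = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        senders = [a.lower() for _, a in getaddresses(msg.get_all("From", []))]
        recipients = [
            a.lower()
            for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        ]
        for sender in senders:
            for recipient in recipients:
                pairs[(sender, recipient)] += 1
    return pairs


if __name__ == "__main__":
    for raw in SAMPLE_MESSAGES:
        report = audit_exposure(raw)
        print("body protected:", report["body_protected"],
              "| still visible:", ", ".join(report["exposed_headers"]))
    for (sender, recipient), count in sorted(contact_pairs(SAMPLE_MESSAGES).items()):
        print(f"{sender} -> {recipient}: {count}")
```

The contact counts come out the same whether or not the bodies are encrypted, which is the commenter's point about traffic analysis.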

  2. Yahoo! Right? by Chacham · · Score: 3

    That's an oxymoron. They'll encrypt it until they're asked by the LEA to decrypt them. Do you really think they won't comply with Carnivore?

    1. Re:Yahoo! Right? by mikethegeek · · Score: 3

      "That same holds true for the internet. Chalk email up to the current level of privacy you get from radio... Now, if all those web based email services adopt encryption of your messages in one form or another, you'll get an added level of security. Yes, law enforcement will still in all likelihood be able to get at your messages, but they'll stay out of the hands of "hackers, crackers and bears (oh my!)"."

      Actually, you have a much better chance of keeping your mail out of the hands of law enforcement than you do hackers, crackers (oh my).

      Hackers and crackers are a risk we all have to take, because there is no such thing as a system that cannot be broken.

      However, I greatly object to allowing law enforcement (government) reading my e-mail. The 5th Amendment is supposed to be absolute protection against self-incrimination. Not that I do anything incriminating, I'm just paranoid. I've seen government become more intrusive and more corrupt in the last 15 years, and it's only prudent to feel some degree of paranoia. Particularly when your political beliefs do not jibe too well with government/establishment types.

      I will be setting up my own POP3 server using Sendmail as soon as I get my own permanent internet connection (DSL/cable, etc). That alone is a lot of protection. However, I will also encrypt my data so that even if some FBI goon seizes my computer because I happened to visit a website that was hacked, they won't be able to read anything. Even if all that is there are portions of my still incomplete sci-fi novel.

      It's the principle of the thing. I believe government has no right to read what is on my computer, so I will take all technical measures within my ability to deny them this.

      --
      === The price of freedom is eternal vigilance
    2. Re:Yahoo! Right? by um...+Lucas · · Score: 4

      I don't think that Carnivore's so much the issue as opposed to people reading your email who really aren't authorized to read it. Prior to the internet, communication was limited to letters, telephone, radio and face to face communication. You had a reasonable expectation of privacy when using letters and face to face communications. You didn't expect much privacy using radio, and somewhere in the back of your mind you realized that your telephone could be tapped if someone was really out to get you.

      That same holds true for the internet. Chalk email up to the current level of privacy you get from radio... Now, if all those web based email services adopt encryption of your messages in one form or another, you'll get an added level of security. Yes, law enforcement will still in all likelihood be able to get at your messages, but they'll stay out of the hands of "hackers, crackers and bears (oh my!)".

      Not too shabby, I'm thinking. If you're really intent on keeping your messages away from the government, you can still use PGP.

      In the end though, I don't see why people have come to expect privacy on the internet. Yes, I do feel it's wrong that companies like doubleclick can track users across various websites. But you've read over and over that sending plaintext email is equivalent to mailing postcards. Yahoo's now giving their users an envelope. Nothing more, nothing less. If you want more than that, you can roll your own.

    3. Re:Yahoo! Right? by bluGill · · Score: 5

      You forgot some critical steps if you want to be secure.

      Not only do you need open source, you need open source that you have personally understood every line of, compiled on a compiler that you wrote in binary yourself.

      The last part, compiled on a compiler you wrote yourself is very deep: a compromised compiler can destroy all advantage of open source. (See the infamous login hack, which you should look up) If the compiler isn't something you wrote in binary yourself, then you can't be sure that your compiler wasn't compromised. And you really should go deeper, since it is possible (in theory) for someone to put a little prom in your disk/floppy drive that checks to see if a compiler is being written and compromise it, meaning you have to design your hardware from scratch and make it from silicon you mine yourself. (Note that recognising a hand written compiler and figuring out how to compromise it might require solving the halting problem, so I don't know if it is possible in the general case, but it is possible if everyone works from one binary listing)

      It is worth it to be paranoid, but unfortunately if everyone was paranoid enough nothing could get done because everyone has to invent their own wheel on up through everything civilization has done.

    4. Re:Yahoo! Right? by locutus074 · · Score: 5
      (See the infamous login hack, which you should look up)
      Are you referring to this one, by chance?

      It certainly made me think the first time I read it. Highly recommended.

      --
      We have fought the AC's, and they have won.

  3. Re:Why no encrypted upload? by Syberghost · · Score: 3

    Does anybody have any idea why they are not using SSL to upload the original message? It seems silly not to...

    To do so on their scale would be horribly expensive.

    Handling a non-SSL web transaction doesn't require a fraction of the CPU power that an SSL transaction requires.

    Even with dedicated-SSL hardware, they'd have to increase their number of servers.

    -

  4. Inherent system flaws by Flavio · · Score: 3

    There are several blatant flaws here that make the system practically useless if you want security:

    1. Your data travels unencrypted to Yahoo, including your passphrase.
    2. There's no guarantee they'll decrypt it if asked, but I'm assuming YES, they will.
    3. What's exactly "encryption" here?

    So there.

    Flavio

  5. Re:Bad encryption is just fine... for the average by JimDabell · · Score: 3

    Except for the fact that the average user... have absolutely no need for high-encryption in everyday email transfers.

    The average user has no need, and the only thing that encryption does to that user is make him look suspicious.

    That's one of the main reasons for widespread, everyday email encryption. So that when you do need to encrypt something, it doesn't stick out like a sore thumb.

    I've always argued that the general geek/Open Source community is very paranoid when it comes to things like encryption.

    Paranoia is necessary if you are to consider anything secure. Otherwise, it's just 'obscure something and keep your fingers crossed'.

    So I, Joe User, encrypt my email on my home machine. What's going to stop the FBI from peeking through the window and looking at the screen...

    Can they do that for every person in the country at the same time?

  6. an interesting idea, but will it be used? by cetan · · Score: 3

    How it works:

    Send an email to a person via SecureDelivery.com and the recipient gets an email saying "You've got a secure email, click here to view it"

    After creating a passphrase you can go back and click the link _again_ to view the email. However, SecureDelivery doesn't save any /unread/ emails past 7 days, but what about regular emails? Will I have to have a folder filled with obscure links pointing to SecureDelivery in order to get these messages at a later date? It seems like a good idea on the surface, but there are still some things to be worked out (imho).

    --
    In Soviet Russia...michael would be rotting in Siberia!
  7. Ummmm... why no SSL? by Stonehand · · Score: 3


    Yahoo's new system works like this: Once a message is composed, it travels, unencrypted, to Yahoo, which sends it through a secure connection to SecureDelivery.com. There, the message and any attachments are scrambled.


    Unencrypted between end-user and Yahoo! ? So a sniffer either at the local network (the norm, I'd think, at many institutions) or a crack at Yahoo! would still work?

    Strange decision.

    --
    Only the dead have seen the end of war.
  8. Protocol by Frums · · Score: 3
    Actually, the protocol Zix uses may be even worse than you all have been pointing out. Even assuming it was fixed to upload and download from SecureMail (and Yahoo if you are using them to access ZixMail) the signature encryption algorithm they are using seems to be a security through obscurity scheme.

    About three weeks ago I contacted Zix through a series of e-mails asking for detailed information on their protocol and algorithms. They, impressively, sent me back a marketingese "white paper" (I only put it in quotes because it was more brochure than real technology white paper) within two hours. They started out on good footing, customer service has a quick turnaround.

    Upon examination of this "white paper" I sent back a few more questions looking at glaring holes in the paper - what hash algorithm they use for signing all of the data going back and forth from securewhatever.com while establishing the session key for the Triple-DES encrypted message (running on memory of their protocol here as I threw out their white paper at the end of this).

    Anyway, I shot that (easiest answer) and a couple others (the plaintext over http as many people have pointed out) questions back figuring I misunderstood something, and they again replied right away.

    They sent me yet another copy of their marketing "white paper" and didn't answer any questions. I replied once more, stating in clear terms my questions were not answered in that white paper, and were valid questions to ask before entrusting my data to their service. No reply that time.

    It downright scares me when they won't tell you what algorithm they use for anything other than their primary body encryption (triple-des). It seems their protocol can be attacked fairly easily to spoof messages, and in fact relying on the one server (though a standard pki solution as well) that is under their control and, er, not that I would ever test this, but have "heard" from people, looks to have some unpatched holes in certain daemons allowing for buffer overflow attacks, and probably is quite susceptible to DDoS attacks, well. Anyway.

    On a completely different note - why anyone would bother with a fancy, fallible, protocol in order to support a session based key for symmetric encryption is beyond me when the encryption decryption process instead of using something like ElGamal (now free! woot!) and using private/public key authentification is beyond me. Their clients are not going to be major corporations sending large documents, but rather many many individuals sending small documents. Message size (plaintext*2) and encrypt decrypt speed (*(10..100) depending on implementation) are still not enough hassle for e-mail sized documents that it seems silly to me. Ah well. It just leaves the door open for when I finally put SecureJMail up on sourceforge.

    Frums

  9. Re:Good by dturley · · Score: 3

    What's the point? The email travels as plaintext to yahoo before it is encrypted. If you really think someone is intercepting your mail, they are going to do it between you and yahoo. Sounds more like a marketing gimmick than anything else.

  10. Re:Good by porcorosso · · Score: 3
    it might even merit a few minutes on FBI's Deep Crack

    If Deep Crack doesn't work, maybe they could run it through Secret Sphincter!

    ...

    Ok, back to work

    --

    Silpon Designs
    Scented Paper Products
  11. Re:Good by NullAndVoid · · Score: 3

    Let the "commoners" think that they're getting security. But for now, they're providing background cover to help hide the mail that truly needs encryption.

    So you're assuming that the need for encryption is directly related to technical competence? My guess is there are plenty of people living in places with truly oppressive governments who would be fooled into thinking "secure" Yahoo email really is secure. Web-based email is very popular in less developed countries, especially for less technically sophisticated people.

    And there are countries where saying the wrong thing in an email message can get you imprisoned or killed without a trial.

    But I do agree with your basic argument that the more encrypted traffic there is, the better. It would be really nice if encrypting your email had the same lack of stigma as putting a letter in an envelope instead of writing a postcard.

    -- Sigs are for losers
  12. Re:Why no encrypted upload? by Erasmus+Darwin · · Score: 3
    Does anybody have any idea why they are not using SSL to upload the original message?

    The short answer is we're talking about Yahoo here.

    The slightly longer answer is that we're talking about a site that, when you select a secure login for e-mail, switches to SSL just long enough to give you the page where you enter your user-id and password, only to immediately redirect you back to regular, unencrypted pages. I wouldn't trust these people to protect a piece of pocket lint.

  13. Yahoo: The Standard In Excellence by cribcage · · Score: 3

    When Yahoo! can manage to keep their email system from being hacked by fourteen-year-olds for more than six months, maybe I'll trust them to handle my encryption.

    ...And just for the record: I know what you're thinking, Hotmail, and that goes doubly for you.

    crib

    --

    Please don't read my journal
  14. Really confuse them... by glebite · · Score: 3

    Every once in a while, I imagine myself writing a script to automatically generate pseudo-encrypted appearing emails. I imagine sending said non-sensical non-meaningful messages to large corporation mailers. I expect on occasion, I would receive e-mails asking not to send them any more messages, and then I would reply - "Message received - the owl hoots at midnight..."

    Government organizations are also another good target for said messages!

    And then I imagine either lawyers or Authority knocking on my door, seizing my equipment, and getting locked up for nuisance reasons...

    Until then: "Sdfd wersl. Jdibg aty qpolacvcc!"

    --
    I donate all spillover Karma to the charity of my choice... Ada was still a babe despite what people may say...
  15. Next Yahoo Ad: by ABetterRoss · · Score: 3

    Do You #!jdfsi87?

  16. Not so good really by buttfucker2000 · · Score: 3

    It's not secure at all - you could easily trace illegal emails by a court order taken out on Yahoo!.

    Hushmail or no-id's anonymous remailer, preferably accessed via anonymous proxy server is better

    --
    Free Anne Tomlinson!!
  17. This will do more harm than good. by mikethegeek · · Score: 3

    This is not a good thing. For one thing, Yahoo has a history of folding every time user information, etc is demanded of them. This does not at ALL give me confidence in them as an "encrypted" e-mail provider.

    Furthermore, the fact that it IS encrypted will fool many of the less technical users into thinking that it's safe. It isn't.

    Of course, there is no such thing as a totally secure communications system. But, the most secure that can be used by most of us is to use PGP yourself on your own machine. Then it doesn't matter WHICH e-mail service you use.

    Of course, the safest possible way is to run your own Sendmail server on your Linux box (possible if you have DSL/Cable/ISDN), that way you defeat Carnivore and the UK's RIP law.

    Remember though, your "secure" e-mail is also only as secure as the recipient treats it.

    Offering encrypted e-mail service is a good idea. But I'd think that a company that had policies refusing to use Carnivore, and deleted their logs every half-hour would inspire more confidence.

    --
    === The price of freedom is eternal vigilance
  18. Encryption should be well-regulated by workers_unite · · Score: 3

    I know this isn't going to be a popular opinion around here, but encryption should be regulated by the government. The smoking gun that caught Microsoft was the e-mails that they sent. Imagine if they had been all encrypted. Microsoft would be even more powerful right now.

    I fear that corporatism will continue to grow more and more powerful if they are able to hide their stealing with encryption that the government can't crack. It will make it even more possible to take advantage of the people.


    --
    From each according to his ability, to each according to his needs.

  19. Completely Useless by LittleStone · · Score: 4

    They have to send your email unencrypted to SecureDelivery.com first to get it encrypted. If someone wants to intercept, they can intercept in this process easily. So it is still possible for the government to monitor.

    It's more problematic than it seems: people thought that it's safe when indeed there's a big loophole.

    --
    A sig is redundant.
  20. Re:Lokmail by Wubby · · Score: 4

    MailVault.com also does PGP over 128bit SSL and plans to open source the whole thing.

    --
    Sig
    Appended to the end of comments you post. 120 chars
  21. This may not be encryption for data-security by ToLu+the+Happy+Furby · · Score: 4

    ...But rather encryption to restrict the recipient's ability to access the data after a certain period of time (a week). In truth, it does both very badly.

    First it is clear that this cannot be a serious attempt at the "traditional" problem of encryption--for the reason pointed out in many posts (unsecure channel between sender and Yahoo!) as well as a deeper one--this system requires you to give full trust to both Yahoo! and Zixit, as there is no proof whatsoever that they will even bother to encrypt your email when passing it between themselves. (And if you would trust a potentially life-and-death secret to two companies named "Yahoo!" and "Zixit" then you deserve what's coming to you.) Finally, there is a huge problem with verification: the recipient merely needs to "verify" that they actually hold the email address the sender specified. And how, pray tell, do they do that? Likely they instead need only temporary access to that account to receive a (plaintext??) email giving them a temporary password. Good lord.

    Instead it appears to implement an access control restriction--your recipient can only access the email for 7 days before it is gone forever. Of course, this fails for the same reason all access controls fail--the message must finally be displayed in plaintext on an untrusted machine, namely the recipient's. Assuming "Zixit" has implemented some (hackable) fix to the "copy-and-paste attack" (ala the International Lyrics Server), there is still the ever pernicious "screenshot attack". And as always, even if the recipient's machine could somehow be entirely trusted, there is the final undoing of any access control restriction--the digital-to-analog conversion. Just as I can always tape-record the SDMI music coming out of my speakers, and videotape that DVD playing on my TV, this scheme falls rather easily to a pen-and-paper.

    Meanwhile, it doesn't even do the trick of "increasing the amount of encrypted emails the FBI has to look through", because all this traffic is presumably just SSL, and there's a whole bunch of that around. Besides, chances are the FBI/CIA/NSA/KGB/alien invaders would rather just install a keyboard sniffer or run a TEMPEST analysis on your computer than have to solve the FACTORIZATION problem or build huge special-purpose number sieves and spend several times the lifetime of the universe waiting around to read your email or invent a quantum computer. (Maybe the aliens would rather do the latter.) Or just bring a warrant to Yahoo!/Zixit, who *both* have full plaintext access to your "encrypted" email and will likely be very happy to comply with the FBI. (Or aliens pretending to be the FBI--has no one noticed how unsecure and spoofable search warrants are?)

    Um, I think what I'm saying is, this appears pretty lame. The only "useful" thing I can think of that this does is destroy the message if it is not accessed within 7 days. Of course, trusting this means trusting that 1)Zixit actually destroys the message; 2) Yahoo! destroys their copy of it; 3) no one intercepted it when it was passed in plaintext from the sender to Yahoo!; 4) any logs or copies of it as it propagated (in plaintext) across the Internet between the sender and Yahoo! were destroyed; 5) it was actually encrypted between Yahoo! and Zixit...

  22. Why no encrypted upload? by cybaea · · Score: 4
    Yahoo's new system works like this: Once a message is composed, it travels, unencrypted, to Yahoo, which sends it through a secure connection to SecureDelivery.com. There, the message and any attachments are scrambled.

    Does anybody have any idea why they are not using SSL to upload the original message? It seems silly not to...

    Somebody mentioned that the message will still be stored in plain-text on Yahoo's servers. I have never used Yahoo mail, but don't they have an option NOT to store a local copy? Most mail clients have this, and I guess you can always CC yourself to get access to a (more) secure copy of your own mail on the SecureDelivery encryption server.

    --
    Hi!
  23. Why Yahoo isn't paying for this by Xenex · · Score: 4
    You are a small company in the dot.com world, and you want to make a buck.

    Step 1:
    Get 'large dot.com' company that people know of with fun and well known name to 'use' your product, no matter how flawed their implementation is.

    Step 2:
    'Mainstream' online news service (*cough* CNet, ZDnet etc *cough*) latch on to the story that 'large dot.com' is using your product, and that the use of this product is vital to stop the 'evil internet hackers' from doing evil things with your children and credit card numbers.

    Step 3:
    Due to 'informed' userbase, people begin to demand your service for large dot.com's competitors services. Other companies require the service you provide. Providing service equals more coverage.

    Step 4:
    IPO your well known service.

    Step 5:
    Get out before bubble bursts (well, if it hasn't already).

    Internet 'Profits'. Fun huh?

    ------

  24. The REAL way to encrypt e-mail by doublem · · Score: 4

    I just send my e-mail in a special Pidgin Pig Latin Esperanto dialect I and some friends developed, then save it to file with WordPerfect 3.0. Then I send the file via e-mail. Don't even need PGP. Sometimes I can't read my own stuff, let the FBI do its worst.

    www.matthewmiller.net

    --
    "Live Free or Die." Don't like it? Then keep out of the USA
  25. Lokmail by Billy+Donahue · · Score: 5

    lokmail is the only webmail service that actually uses good old fashioned PGP encryption over an SSL link. I think promoting PGP use and not a new proprietary encryption system is a better way to fly. You can get a free PGP webmail account at lokmail right now. Ignore Yahoo.

    --
    -- The Funk, The Whole Funk, And Nothing But The Funk
  26. Oh Boy! by Electric+Angst · · Score: 5

    This is great! Now, the Feds won't be able to read the "private" e-mails I get from women who want to know if they'd make good porn stars, or want to invite me to watch the wild action at their party house, or the people offering me unaccredited University diplomas!
    Take that, Mr. Fed!
    --
    Feminism is the wild notion that women are human beings.
  27. Re:Good by plover · · Score: 5
    The point is adding more encrypted traffic to a system tends to "hide" other encrypted traffic. It's also a good precedent to get other free e-mail hosts such as Hotmail to encrypt their mail, just to "keep up with the Joneses."

    Look at it math-wise: if 0.1% of the e-mail traffic today is encrypted (which I'm personally guessing would be way high,) if you were to send an encrypted letter to your buddy (whose ISP is being Carnivored,) it'd get noticed. Being only one message out of a thousand, it might even merit a few minutes on FBI's Deep Crack.

    Now, add in all the Yahoo e-mail traffic and that number might rise to 1.0%. Include encrypting lots of Hotmail traffic, and it might rise to 2.0% Pretty soon, there's too much traffic to Deep Crack every encrypted message that runs past. And eventually, once encrypted e-mails outnumber regular e-mails, seeing encrypted traffic go past a router won't even raise a flag.

    If you're actually concerned about security, of course you won't use Yahoo's service. Let the "commoners" think that they're getting security. But for now, they're providing background cover to help hide the mail that truly needs encryption.

    John

    --
    John
  28. Bad encryption is worse than no encryption!!! by rknop · · Score: 5

    ...because it gives the user a false sense of security.

    The actual encryption algorithm itself here may be fine; I don't know, I can't get the Securedelivery.com site to load. (Not a good sign.) But, as Bruce Schneier is fond of pointing out, it's not just the algorithm, but how it's used. Others here have already noted two problems: one, it's Yahoo's key, so you have to trust them to keep it secure. Two, the message already travels unencrypted to Yahoo, and even Yahoo agrees it's not end-to-end encryption.

    So what, you say. It's more encrypted than Yahoo mail was before, so why not use it? The danger is that the public, who, together with politicians, have demonstrated a startling ability not to understand technology and encryption issues, may start touting this as the solution. A real solution (to the technological aspects, anyway) is to have end to end encryption, with open source tools that at least in principle can be verified to have no back doors, and with your own personal keys you make yourself. Naturally, this makes the folks who run Carnivore unhappy, because they can't just go to Yahoo and demand keys. So, probably having given up the battle to completely outlaw encryption, they stand to benefit greatly from systems such as Yahoo's. The public might potentially be convinced that this is as good as encrypting your mail yourself. Indeed, many seem to have trust in huge companies (as is evidenced by the fact that the FUD attacks against Linux ("who will you sue?") took so long to go away), and may think that having Yahoo do it all for you is better.

    I'd rather see it done right than implemented poorly in a way that might catch on.

    -Rob