Slashdot Mirror
EnigmaMail version 1.0
myc18 writes "Last month at Tufts University, I created EnigmaMail. After being exposed to e-mail and communication security in the media, and my interest in the Engima Machine, I decided to develop a "secure communications module" for my class (semester) project in "Cryptography and Security." So could EnigmaMail be used as a secure e-mail module, despite the fact that it uses a dated cryptographic algorithm?" I don't see why not. It has the usual problems of symmetric-key cryptography (must get the key to the recipient) and of course, the system has been broken, but it would certainly be secure against most people. As long as you're aware of the limitations...
He is not claiming that it is 100% secure. Nothing is 100% secure, well, maybe that 4th part of cryptography outside the CIA. What he is asking, is "Would it be worth it to encrypt mail?" For a simple class example/problem, its a good solution, you dont have to develop a new algorithm, and should you lose the key, you can still retrieve the message, given some time. I would advocate PGP if you HAVE to have encrypted email.
Sig? What's a Sig?
However, this is leaps and bounds ahead of some, http://www.koan.com/~mwiht/software.htm ... check out this guys e-mail encryption program "E-ncrypt" ...
Problems with message security? This utility from MWIHT can encrypt your personal messages up to 254 different ways insuring that no one can read your messages, other than who the message was intended for. E-ncrypt saves your encrypted message in a standard text file which can easily be attached to any E-Mail message, ensuring all private E-mail messages stay private.
It uses the ceaser cypher ... your "key" is n in the encryption equation: C(cyphertext) = C(plaintext) + n :) Atleast he's not trying to sell it...
Free Techno/Jazz/DNB/MI Music by guys obsessed with monkeys!
#include IANAC (C=cryptographer)
As stated in posts above, the practical uses of this are limited to that which you want kept out of the hands of kid sisters etc.
That is, until someone develops a program as an exercise to cryptanalyse the (well-known) cipher. Which sounds like cool fun to me, so I'd be willing to give it a try :-)
Of course, there is the symmetric key aspect, so for e-mail you still need an alternate secure channel.
Despite this, I think it's a good idea, as a starting point in crypto. A good book to get is to read Applied Cryptography by Bruce Schneier(any good book site), and the fishtank libraries by Mr R.J. Hansenare good learning tools.
But unlike most other instances of things being of "military-strength", choosing a stronger encryption does not increase any costs (financial and otherwise) of the software development, or of the software use. So why not use a better alorithm?
In Soviet Washington the swamp drains you.
If you are interested in sending mail that does not trigger some type of corporate e-mail filtering software, this is more than adequate. If you are sending a message to someone that shares an e-mail account with their children, this is also reasonable.
Not every type of data warrents a military-strength encryption algorithm to protect it. It is just important to understand what you are protecting and how strong the encryption is.
Depending on the amount of data to encrypt, mil-strength encryption exacts a toll in CPU usage. Ignoring that, the link provided is a service and if you have need for some privacy in a message you send, the service is valuable and should not be shunned because the encryption is not the strongest available. Besides, the interface is elegant and entry of the key for encode/decode is easy.
Consider the steps to breaking a cipher: 1. know that there is an enciphered message. 2. know the encryption method 3. attack the cipher While attacks on enigma are well know, if you can avoid 1 or 2 no will get to 3. Even week encryption methods are good if you can hide the fact that there is a secret message or if the method is not familiar. For older encryption methods, keeping the messages short and changing the keys frequently will prevent attackers from decrypting your message. This requires exchanging keys securely L A historical point about the enigma cracking is that British intelligence knew there were enciphered messages, got a hold of an enigma machine to find out what the method was, accumulated vast amounts of messages. Only then did Turing develop the computer to quickly find the key. A tough problem was when the Nazis upgraded the machine and the British did not have an example to figure out what was different
Look, the guy admits that it's poor - would you criticise the quthor of a ROT13 program for hawking dodgy encryption? The damn thing's called EnigmaMail, so it should be obvious that it's based on cracked WWII technology!
The best thing to do would be to add in AES (or triple-DES) support so the program could be used as a legitimate security product.
The Enigma algorithim is widely known, as are the techniques to break polysyllabic ciphers.
In short there is no real security here (especially if you don't hide non-alpha characters, and don't break the ciphertext into some kind of block format).
Try hanging out on sci.crypt for a bit to get a better feel for the issues and problems.
http://www.landfield.com/faqs/cryptography-faq/ is a great start for basic cryptography research online.
--