Slashdot Mirror

← Back to Stories (view on slashdot.org)

EnigmaMail version 1.0

Posted by michael on from the neat-hack dept.

myc18 writes "Last month at Tufts University, I created EnigmaMail. After being exposed to e-mail and communication security in the media, and my interest in the Engima Machine, I decided to develop a "secure communications module" for my class (semester) project in "Cryptography and Security." So could EnigmaMail be used as a secure e-mail module, despite the fact that it uses a dated cryptographic algorithm?" I don't see why not. It has the usual problems of symmetric-key cryptography (must get the key to the recipient) and of course, the system has been broken, but it would certainly be secure against most people. As long as you're aware of the limitations...

4 of 11 comments (clear)

  1. Re:This is a bad idea by PhilHibbs · · Score: 2

    Look, the guy admits that it's poor - would you criticise the quthor of a ROT13 program for hawking dodgy encryption? The damn thing's called EnigmaMail, so it should be obvious that it's based on cracked WWII technology!

  2. Add in AES by �nubis · · Score: 2

    The best thing to do would be to add in AES (or triple-DES) support so the program could be used as a legitimate security product.

  3. Not very secure by DerekLyons · · Score: 2

    The Enigma algorithim is widely known, as are the techniques to break polysyllabic ciphers.

    In short there is no real security here (especially if you don't hide non-alpha characters, and don't break the ciphertext into some kind of block format).

    Try hanging out on sci.crypt for a bit to get a better feel for the issues and problems.

    http://www.landfield.com/faqs/cryptography-faq/ is a great start for basic cryptography research online.

  4. This is a bad idea by Sanity · · Score: 3
    It is much better to spend your time doing nothing, than to spend your time creating a "security" application which doesn't actually protect people's security. In the world of cryptography people make extremely conservative claims about software based on secure algorithms (ie. those which have undergone much peer-review without breaking) - yet here is someone using a known-insecure algorithm and claiming that his software protects people.

    --