Slashdot Mirror
Ciphire, A Transparent, Easy PGP Alternative
mixter writes "Hi. I'd like to point your attention to Ciphire, a fully free and soon-to-be-audited-OpenSource 'Global PKI' project I've been working on for the last three years. As the first three or four thousand geeks started using Ciphire and seem happy, with some tech articles written, I guess the /. community might find this interesting, too. Ciphire hopes to have solved the problems that prevented PGP from a broader deployment, with even higher security standards - as already confirmed by crypto experts Housley & Ferguson. More useful information, e.g. in Wired or in the Nerd^H^H^H^Hexperts FAQ."
What's wrong with the GNU Privacy Guard?
Ciphire hopes to have solved the problems that prevented PGP from a broader deployment
so how exactly are you getting it installed and turned on by default in Outlook and Outlook Express?
tell me I'm wrong if you want, but that's the only way you'll get Jane and Joe 6pack to use it.
I mean I know folks here on /. will find this cool and may acutally use it for mail. But, when a portion of net users have a hard time remembering thier email username and password, will this really take off? I mean PGP took off to a certain extent, but if you mention it to the average net user they look puzzled.
time is a perception of a being's consciousness
time is your 6th sense, the wierd ones are 7+
The main problem this project will encounter will be gaining momentum. PGP already has a huge userbase and infrastructure. It's not that difficult to use for anyone technically minded, and you can already buy "idiot proof" versions to plug into Outlook (I believe). For anyone using Thunderbird, the enigmail plugin offers PGP for free, which works great.
Maybe I'm missing something?
Code, Hardware, stuff like that.
And what are the advantages? We already have the OpenPGP standard which is implemented by GnuPG and PGP. People who prefer free software are able to use GnuPG which is licensed under the GPL. If someone prefers commercial software he can use PGP - it even comes with a nice GUI if you use it on Windows. So let's look at your product: Non-free, No-source code, not standards complient, binaries only available for a limit number of platforms. So - in your posting you say "OpenSource" - on the webpage you write that you may publish the source in the future, but that it will only be free for non-commercial users. This is NOT OpenSource - see http://www.opensource.org/docs/definition.php for the definition what OpenSource means. Anyway, are there ANY advantages why I should even bother do download your product? Ah - don't mind - I just noticed that there aren't any LinuxPPC binaries, so I can't use it.
I mean, get lost, telling us this is better than GPG won't make us run and start use this stuff. Easier to use for joesixpacks ? You mean taking GPG-key-control out of their hands and doing it in the background with some mail application ? No thanks. I know GPG, I trust GPG, I use it with many OSes and with many different applications, very easily, for both signing and encrypting. As many thousand of other people do. So you'd better think some really better arguments there, than in those linked articles.
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
I think this product would of been great if they would of made it OpenPGP compliant, and have a method of signing your keys for a particular email address(verify email address, send a web link, click on link and you're done) If they would of implemented all the automatic sender email matching, automatic decryption, automatic signing, etc. with the current(OpenPGP) standards it would be great.. You would already have a compatible userbase & everything. But as of now I have to support two standards S/MIME and OpenPGP when communicating with people.. Why would I want to recommend to a less technical friend a 3rd one? I'll just set them up with Thunderbird/Mozilla and Enigmail(http://enigmail.mozdev.org) If you havent looked at enigmail check it out.. I'm very impressed with it, and it works fine under windos too.
First off, encryption is done in two layers. With a 2048bit RSA and ElGamal key [both of which can be solved with GNFS ... in a shitload of time]. They ... WTF???
encrypt the data with AES in CBC-HMAC mode (??? HMAC is not an encryption algo) then Twofish in CCM mode.
First off, you MAC the ciphertext since it's gonna be exposed anyways. Second... CCM mode? WTF? CTR mode is simpler.
It's like they went out of their way to overly complicate the process.
Tom
Someday, I'll have a real sig.
it's another way to get signed/encrypted email into the hands of more people - whether they're geeks, or not. If it gets a few more people using some kind of authentication for email, then it's another strike against spammers/VXers; surely, it can't be all that bad, then, can it?
Sure, it isn't GPG, PGP, or any of the more "traditional" encryption programs. But then, how many Joe/Jane Sixpacks do you know that use those, either? From reading the article, it seems to greatly simplify the process of installing and using email signing/encryption, and that's something that I've run into trying to get people to use GPG/PGP: "It's too complicated; I have to remember too much stuff".
It looks like the security of it is being vetted, even if the source isn't as open as some would like (yet). Fine, it isn't "perfect" from a geek point of view, and it still has a way to go before it'll work on more email clients - but it's a start at de-geeking email crypto, which is something that can only help.
--- Asking inconvenient questions for over 30 years...
Such tools are useful iff their interface is rigidly defined. If it starts diverging into a dozen things that look similar but aren't entirely compatible, nobody will use any of them. If, on the other hand, the system is reasonably good at the start, the probability of major forks is reduced. So sometimes it's useful to keep such projects "closed" until it's stable and complete.
At least, I have heard such arguments made in the past. The other alternative is that the code is such an embarassing mess that they don't want anyone to see it -- I've heard that argument made as well (heck, I've got code I plan to release someday myself, as soon as I get around to adequately commenting it...).
Disclaimer: I work for a company, but I don't speak for them.
ever heard the expression "secure by default"
encrypted email stands out from unencrypted email
Iif the bulk of email was encrypted then it is harder to determined that which is encrypted for a reason and that which isn't. This adds value to the use of encryption.
I don't really need to ssh between servers on my LAN or run my vnc sessions though an ssh tunnel or use scp when I could use Samba but I do, partly because it means I am using best practices so when I am in a situation where it is desirable I am familiar with the operation and am familar with the tools I will need and not be sat there saying "bugger, I forgot to select 'use secure connection'".
I don't really need to lock my car every time I walk 10 yards from it to the cashpoint but I do because it is best practice.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Fuggedaboutit. There's a central server with an account for each user. There's a new GUI mail client (!) There's no compatibility with existing formats like S-MIME or PGP/GPG. Thanks, but no thanks.
Well one benefit is that if you get your social circle to adopt it as well you have a spamblocker. Any uncyphered mail can be flushed down the spambucket. And even if spammers started cyphering messages they can't forge the source, so ultimately you can flush any unapproved cypher source address the spambucket.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
I'm always suspicious when a technical review plays misleading word games. Here's an excerpt from their expert review pdf (page 18) :
"With encryption solutions using PGP or S/MIME, an unsigned email message allows an attacker to forge the originator s identity even if the message is encrypted. The recipient cannot easily detect the change in the originator. However, in the Ciphire system, encryption includes authentication information. The session key used to encrypt the email message is digitally signed by the sender for every layer of encryption."
Although a technically accurate statement, it is highly misleading by comparing signed verses unsigned functions and implying a deficiency in GPG where none exists. GPG/PGP supports the same signing ability.
What do you think will happen if someone, say in the name of the war on drugs, wants to interfere? Presto, they can convince the central server to yank Bob's key from the directory and replace it by one of their choosing. Some privacy!
8. PRIVACY Licensee hereby expressly agrees and acknowledges that Licensor may collect, store, disclose to third parties and otherwise use and process (collectively "Process") Personal Data in connection with the Services, this Agreement and Licensee's use of the Software, and Licensee hereby authorizes Licensor (including its officers, directors, employees and agents and its suppliers and licensors) to Process Personal Data to the extent reasonably required or useful in connection with the provision of the Services and/or the execution of this Agreement, and in compliance with Licensor's current privacy policy as shown on Licensor's website (www.ciphire.com).
whats that about?
just buy a certificate to make Ciphire work.
The OpenPGP equivalent to a certificate is called a "plane ticket" whose price is called "airfare." Without a plane ticket, you often can't get your public key signed by people in the strongly connected web of trust. Without a signed public key, you can't build the web of trust, and without the web of trust, you can't verify a public key, which is the whole point of certificates.
What concerns me are comments like the following: "Each Ciphire certificate is reduced to a hash, an abbreviated mathematical identifier. Since the relationship between the hash and the certificate is reciprocal, the original hash would not match a certificate in which there was even the slightest change."
Not so fast: (a) certificates already have a signed hash; (b) it is common practice to state which hashing algorithm is used (SHA, MD5, ...?). I hope its not homegrown hash; and (c) by definition, hash values have collision where more than one certificate can map to the same hash value.
Just cause its an open-source wannabe doesn't mean its good for you. Let's hope for the best.
Mike www.sharecube.com
Some experts think that since DES has withstood so many years of scrutiny, and there still no atack significantly better than brute force, that triple-DES may be a better choice than AES, Twofish, and Serpent, none of which have yet been subject to a comparable amount of cryptanalysis. Yet triple-DES isn't in the list on the ciphers page. Why not?