Slashdot Mirror

← Back to Stories (view on slashdot.org)

Silent Circle, Lavabit Unite For 'Dark Mail' Encrypted Email Project

Posted by timothy on from the it's-so-spooky dept.

angry tapir writes "Two privacy-focused email providers have launched the Dark Mail Alliance, a project to engineer an email system with robust defenses against spying. Silent Circle and Lavabit abruptly halted their encrypted email services in August, saying they could no longer guarantee email would remain private after court actions against Lavabit, reportedly an email provider for NSA leaker Edward Snowden."

4 of 195 comments (clear)

  1. Dump SSL / Certificate-based Security by Anonymous Coward · · Score: 5, Insightful

    The whole paradigm of certificate trust, and the fact that you just have to trust Root CAs, is a farcical model of security.

    We should all be aware by now that the Root CAs we all know and trust are compromised by NSA and that they can MITM any SSL connection they want at any time.

    Until we can move beyond this whole third party certificate trust issue, there will never, EVER be truly secure email.

  2. right from the white paper by imatter · · Score: 5, Insightful

    SCIMP provides strong encryption, perfect forward secrecy and message authentication.Further, we have incorporated many NIST-approved methods and protocols into its design including:

    • Elliptic Curve Diffie–Hellman (ECDH), NIST 800-56A
    • Counter with CBC-MAC (CCM), NIST 800-38C
    • Key Derivation, NIST 800-108
    • Secure Hash Standard, FIPS 180-4
    • Advanced Encryption Standard (AES), FIPS 197

    Does anyone else see a problem with with the wording "NIST-approved methods and protocols?" NIST/NSA

  3. Re:Called it by Alain+Williams · · Score: 5, Insightful

    Registrant Country:US

    I'd just feel a bit happier if the new effort was based somewhere other than the USA; somewhere a bit harder for the NSA to get its sticky paws into. I have in mind how the NSA screwed with IPSec. Mind you: discussion would have to be international, I am not sure how much harder it would make things for them if this was based in, say, Bolivia.

  4. Re:Did the NSA just kill SMTP? by Vanderhoth · · Score: 5, Insightful

    There is the added advantage that if everything is encrypted, and snoopers had to decrypt everything to find something of value, it would be a serious drain on their resources. On the flip side, if everything, except that which absolutely required encryption, was sent in and easily accessible format then encrypted messages are a big red flag that says "Look at me I'm important!!", which allows snoopers to be selective about where they spend their resources. But that's just my take on it.