On 30/08/17 00:57, Stefan Claas wrote:
> If your communication partners would use the same software, like opmsg.
>
> https://github.com/stealth/opmsg
>
> Or if you would use Bitmessage instead of classic email, then
> you have authenticated/encrypted messages too and can later
> nuke your keys, if needed.
>
> https://bitmessage.org/wiki/Main_Page

According to <https://bitmessage.org/wiki/Encryption> Bitmessage does writer-receiver authentication (I do not know what is the standard term for this public key operation; clearly it is not “signing”) with HMAC using a Diffie-Hellman key derived from the shared secret between writer and recipient. Thus the recipient cannot prove to any third party that the writer wrote the message (because he also knows the shared secret and thus he can also compute the authentication code).

But Bitmessage gives me the impression of a highly amateurish job. I cite the absurd use of AES-256 along with an elliptic curve providing roughly 128 bits of security (secp256k1). Moreover, anybody who cares to do so can build an FPGA miner for Bitmessage proofs of work and perform a denial of service given that many users have only a CPU to compute the POW. I would not trust my sensitive data to it.

“opmsg” gives me an even worse impression. It seems to be the work of a single man, and I do not even see a specification of the format. Also, from the readme.md:

“The private part of the keys which are stored inside ~/.opmsg are NOT encrypted. It is believed that once someone gained access to your account, its all lost anyway”

I would not trust a person with this way of thinking to write my cryptographic software.

Regards.

--
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
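The authentication property described in the message above, as an added example that is not part of the original email and is not Bitmessage or opmsg code: an HMAC keyed from a Diffie-Hellman shared secret verifies for the recipient, yet the recipient can produce an equally valid tag on text the writer never sent. Assumptions: X25519 (RFC 7748) stands in for secp256k1 to keep the code short, SHA-256 of the shared secret is a constructed key derivation, and all names and messages are constructed.

```python
import hashlib, hmac, os

P = 2**255 - 19                      # Curve25519 field prime (RFC 7748)
BASE = (9).to_bytes(32, "little")    # standard base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Not constant time: illustration only."""
    k_int = (int.from_bytes(k, "little") & ((1 << 255) - 8)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:               # conditional swap of the two ladder points
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def mac_key(my_priv: bytes, their_pub: bytes) -> bytes:
    # Each side combines its own private key with the other's public key.
    return hashlib.sha256(x25519(my_priv, their_pub)).digest()

def tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def demo(writer_priv: bytes, reader_priv: bytes):
    writer_pub = x25519(writer_priv, BASE)
    reader_pub = x25519(reader_priv, BASE)
    k_writer = mac_key(writer_priv, reader_pub)
    k_reader = mac_key(reader_priv, writer_pub)

    sent = b"meet at noon"                       # constructed message
    genuine = tag(k_writer, sent)
    verified = hmac.compare_digest(genuine, tag(k_reader, sent))

    # The recipient alone tags text the writer never wrote.
    fabricated = b"I owe you 1000 EUR"           # constructed message
    forged = tag(k_reader, fabricated)
    # A third party holding the key cannot tell the two tags' origins apart.
    forged_passes = hmac.compare_digest(forged, tag(k_writer, fabricated))
    return k_writer == k_reader, verified, forged_passes

if __name__ == "__main__":
    print(demo(os.urandom(32), os.urandom(32)))
```

A digital signature differs exactly here: only the writer's private key can produce it, so the recipient could not have fabricated the second message.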