[liberationtech] pgp message encryption and decryption using just a browser

Steve Weis steveweis at gmail.com
Tue Oct 5 10:35:36 PDT 2010


Hi Frank. Just to highlight, I didn't spend much time looking at this.
There are common mistakes people make when composing cryptographic
primitives and it's easy to find them on a cursory look. There is a
much deeper level of code audit that would be necessary before I'd
trust a random project downloaded from the web.

Code like this is a black box that you are giving a secret key and
potentially malicious input. Since the ciphertext is coming from an
untrusted source, an exploit in the code that handles it could leak
your key to an attacker. That has nothing to do with the crypto.
Unvalidated input is the fundamental problem behind attacks like
buffer overflows and cross-site scripting.

"Can attacker crack a single message?" is the wrong question to ask
and the 256-bit key length is irrelevant. These aren't attacks against
the cipher, but against how it's used. You do not want to assume a
dumb, weak adversary who does nothing but guess values. In
cryptography, you need to assume powerful adversaries and ask if they
can even distinguish a bit of information. There are formal
definitions of what "powerful" means, which I won't get into.

On Tue, Oct 5, 2010 at 4:07 AM, Frank Corrigan
<email at franciscorrigan.com> wrote:
> Thanks Steve, your detailed analysis is much appreciated.
>
> Do you think that most of these risks you have highlighted are
> mitigated against if http://www.fourmilab.ch/javascrypt/jscrypt.html is
> downloaded locally and only used offline, under say the Private browsing
> mode of Firefox or within VM or LiveCD/USB?
>
> As far as I can understand from the website's blurb, the text messages
> are encrypted by a 256 bit shared key. Should an attacker get hold of
> just the encrypted message and the shared key has not been compromised
> it should still be quite difficult to crack the message?
>
