[liberationtech] Security / reliability of cryptoheaven ?

Maxim Kammerer mk at dee.su
Tue Oct 2 20:41:03 PDT 2012 

On Wed, Oct 3, 2012 at 3:52 AM, Brian Conley <brianc at smallworldnews.tv> wrote:
> I am immediately suspicious of any service advertising simple easy encrypted
> email

Why? The notion that easy encrypted email is hard is a myth, perhaps
resulting from people being trapped inside the concept of using PGP
and its non-scalable “web of trust”. Liberté Linux implements cables
communication [1], which provides just that — easy encrypted email.
The catch is that there is no interoperability with SMTP, and there
are no easy-to-remember usernames.

> but perhaps someone here can offer a coherent reply based on their
> privacy policy  or other info as to why this should not be trusted?

>From going over the security summary [2], I don't see why
CryptoHeaven's servers can't trivially MITM retrieval of recipient's
public key:

“The public portion of the key is then sent to the server where it can
be picked up by others connecting to the system.”

>From Security FAQ [3]:

“CryptoHeaven manages public keys automatically and securely. User
simply allows others to communicate with him through the use of
"Contacts" within the CryptoHeaven system. The system takes care of
the exchange of the public keys automatically.”

The underlying problem is that the username (apparently) does not
include a hash of the public key. It is possible that user ID
mentioned in “How can I verify that I am sending messages to whom I
think I am?” entry in the FAQ is such a hash, but it is not clear from
the brief description.

It is also not clear whether the server can decide to make a message
disappear — i.e., are there mandatory authenticated receipts?

And of course, due to the centralized nature of the system,
CryptoHeaven can perform traffic analysis, building social networks of
correspondents, etc.

I am also not sure why they mention “non-repudiation and anonymity” in
the FAQ. Non-repudiation is seen as problematic in encrypted
communications nowadays (together with lack of perfect forward
secrecy, which seems to be an attribute of the protocol as well), and
is differentiated from communication authenticity per se (e.g., see
OTR [4]). The claim of anonymity looks like an overstatement.

All of the above is written based on high-level descriptions on
CryptoHeaven website — I didn't look at the code (which is available
[5]), so some points could be incorrect.

[1] http://dee.su/cables
[2] http://www.cryptoheaven.com/Security/security-encrypted-email.htm
[3] http://www.cryptoheaven.com/Security/SecurityFAQ.htm
[4] http://www.cypherpunks.ca/otr/
[5] http://www.cryptoheaven.com/Download/Files/CryptoHeaven-SourceCode.jar

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte

More information about the liberationtech mailing list