[liberationtech] safegmail-is-a-simple-way-to-encrypt-messages-in-gmail
Steve Weis
steveweis at gmail.com
Tue Oct 23 12:11:08 PDT 2012
Seconded. Do not use this extension in production.
I briefly looked at the code and found some mistakes: unauthenticated
encryption, use of ECB for larger than one block, use of 512-bit ElGamal
keys, possible timing attack to recover secret key hash, possible entropy
exhaustion DoS attack, etc.
I am on my phone so haven't looked at it in any depth.
On Oct 23, 2012 11:13 AM, "Maxim Kammerer" <mk at dee.su> wrote:
> I recommend everyone to avoid using this extension in its current
> form. It has nothing to do with PGP, and is an implementation of
> symmetric encryption where the (randomly generated) encryption key is
> sent in cleartext to SafeGmail server. Recipient then provides a
> password that SafeGmail server uses to decrypt the encryption key,
> which is then sent to recipient (again, in cleartext). Such
> unnecessary complication of a client-only symmetric encryption scheme
> makes no sense, and shows misunderstanding of the simplest
> cryptographic concepts. Use of PGP is completely incidental — PGP with
> autogenerated keys is used on the server instead of a much simpler
> symmetric crypto to keep per-message encryption keys (private PGP key
> is encrypted with user-supplied passphrase). Contrast this with the
> misleading title: “Easy & Free PGP (Pretty Good Privacy) Encryption
> for Gmail” on SafeGmail homepage.
> https://twitter.com/mkdeesu/status/260750944495624192
>
> --
> Maxim Kammerer
> Liberté Linux: http://dee.su/liberte
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121023/40a26c4a/attachment.html>
More information about the liberationtech
mailing list