[liberationtech] Tormail in trouble. Experts at Black Hat recommend Elliptic Curves: this is what PassLok 1.3 is based on.

Francisco Ruiz ruiz at iit.edu
Tue Aug 6 15:20:41 PDT 2013


Hi folks,

Thank you very much for your great feedback on the previous version. The
next version is now up at http://passlok.com, which redirects to
https://passlok.site44.com

This may come in handy now that there are problems with Tor, since PassLok
allows you to go to any computer to do encrypted mail, because there is
nothing to install. This is what PassLok was designed to do.

The other unforeseen endorsement came from the recent Black Hat conference.
Researchers Alex Stamos, Tom Ritter, Thomas Ptacek, and Javed Samuel
encouraged everyone to base their public key cryptosystems on elliptic
curves rather than RSA. Here's a link on this:
http://arstechnica.com/security/2013/08/crytpo-experts-issue-a-call-to-arms-to-avert-the-cryptopocalypse/

In addition to needing nothing to install and doing 521-bit elliptic curves
on top of AES-256, which PassLok has done for a while, here's the new stuff
in version 1.3:

1. Much more resistant to dictionary attack and rainbow tables, thanks to
variable key stretching using PBKDF2. PassLok analyzes your key and applies
more iterations if it feels your key is less than perfect, up to a whopping
200,000 iterations for lousy keys. Since keys made in version 1.2 are no
longer compatible, this prompts upping the version to 1.3.

2. Increased resistance to tampering. Now there is a link to a YouTube
video of me reading the SHA256 hash of the source code. This is going to be
darn hard to fake by an attacker.

3. There's a detailed PDF manual. It is invoked from the help screen.

4. The built-in subliminal channel has been extended to signatures as well
as encrypted messages.

It is free, so please feel free to use it and tell me how to improve it
further. The link is repeated at the bottom.

-- 
Francisco Ruiz
Associate Professor
MMAE department
Illinois Institute of Technology

PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok

get the PassLok privacy app at: http://passlok.com
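
Item 1 of the announcement describes variable key stretching with PBKDF2. The sketch below is an added illustration and is not PassLok's code: the strength estimate, the 1,000-round floor, the 128-bit target, SHA-256 as the PRF and the salt are all assumptions; only the 200,000-iteration ceiling and the 256-bit output size come from the post.

```python
import hashlib
import math
import string

MAX_ITERATIONS = 200_000  # ceiling quoted in the post
MIN_ITERATIONS = 1_000    # assumed floor for strong keys (not from the post)
TARGET_BITS = 128         # assumed strength at which extra stretching stops

# Character classes used by the crude strength estimate (an assumption).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def estimate_bits(key: str) -> float:
    """Upper-bound guess: length * log2(size of the character pool in use)."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in key))
    return len(key) * math.log2(pool) if pool else 0.0


def iterations_for(key: str) -> int:
    """Weaker keys get more PBKDF2 rounds, linearly up to MAX_ITERATIONS."""
    deficit = max(0.0, TARGET_BITS - estimate_bits(key)) / TARGET_BITS
    return MIN_ITERATIONS + round(deficit * (MAX_ITERATIONS - MIN_ITERATIONS))


def stretch(key: str, salt: bytes) -> bytes:
    """Derive 32 bytes (AES-256 key size). The round count is recomputed from
    the key itself, so nothing extra has to be stored or transmitted."""
    return hashlib.pbkdf2_hmac("sha256", key.encode("utf-8"), salt,
                               iterations_for(key), dklen=32)


def effective_bits(key: str) -> float:
    """Stretching multiplies the cost of each guess, adding log2(rounds) bits."""
    return estimate_bits(key) + math.log2(iterations_for(key))


if __name__ == "__main__":
    salt = b"constructed-demo-salt"  # constructed sample value
    for key in ("password", "Tr0ub4dor&3", "correct horse battery staple!Z9"):
        print(f"{key!r}: ~{estimate_bits(key):.0f} bits, "
              f"{iterations_for(key)} rounds, "
              f"~{effective_bits(key):.0f} effective, "
              f"key={stretch(key, salt).hex()[:16]}...")
```

Because log2(200,000) is about 17.6, even the maximum round count adds fewer than 18 bits of work per guess, and the character-pool estimate overrates dictionary words, so stretching supplements a strong key rather than replacing one.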